OTPulse

Multiple Vulnerabilities in Nozomi Guardian/CMC before 22.6.2 on RUGGEDCOM APE1808 devices

Monitor · 7.1 · SSA-647455 · Oct 10, 2023
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities exist in Nozomi Guardian/CMC before version V22.6.2 on RUGGEDCOM APE1808 devices, including SQL injection (CWE-89), cross-site scripting (CWE-79), improper input validation (CWE-20), broken access control (CWE-863), and session fixation issues (CWE-384). These vulnerabilities affect the management console's security, potentially allowing authenticated attackers to access sensitive information or disrupt monitoring functions. RUGGEDCOM APE1808 is a hardened industrial Ethernet switch commonly deployed in critical infrastructure networks.

What this means
What could happen
An authenticated attacker with engineering access could exploit SQL injection, cross-site scripting, or broken access control in the Nozomi Guardian management console to view sensitive network information or disrupt monitoring capabilities on RUGGEDCOM APE1808 industrial switches.
Who's at risk
Manufacturing facilities using RUGGEDCOM APE1808 industrial switches with integrated Nozomi Guardian/CMC monitoring and management consoles should care about this advisory. These devices are commonly found in production networks, water treatment facilities, and electric substations where they provide network visibility and control.
How it could be exploited
An attacker with valid engineering workstation credentials accesses the Nozomi Guardian/CMC web interface on the RUGGEDCOM APE1808 device. They inject malicious SQL, JavaScript, or crafted requests to bypass access controls (CWE-89, CWE-79, CWE-863), potentially retrieving configuration data or disrupting the management console's availability.
Prerequisites
  • Valid engineering or administrative credentials for the Nozomi Guardian/CMC management console
  • Network access to the RUGGEDCOM APE1808 management interface (typically port 443 or 8443)
  • RUGGEDCOM APE1808 device running Nozomi Guardian/CMC before version V22.6.2
  • Remotely exploitable via network
  • Requires valid credentials (reduces risk but likely available to site staff)
  • Low complexity attack
  • Multiple vulnerability types (SQL injection, XSS, broken access control)
  • Affects network visibility and management capabilities
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions with Nozomi Guardian / CMC before V22.6.2 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the RUGGEDCOM APE1808 management console to trusted engineering workstations only using firewall rules or VPN
HARDENING: Enforce strong, unique passwords for all engineering and administrative accounts on the management console
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Nozomi Guardian / CMC to version V23.4.1 or later
Long-term hardening
HARDENING: Segment the management network from operational data networks where possible