OTPulse

Vulnerability in Nozomi Guardian/CMC before 23.3.0 on RUGGEDCOM APE1808 devices

Monitor · 5.3 · SSA-665034 · Feb 13, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Nozomi Guardian/CMC versions before 23.3.0 running on RUGGEDCOM APE1808 devices contain a data exposure vulnerability (CWE-200) that allows an attacker to read sensitive information from device memory or configuration files without authentication. The vulnerability is remotely accessible over the network with low complexity. Siemens has released a patch in version 23.4.1.

What this means
What could happen
An attacker with network access could read sensitive information from the device's memory or configuration, potentially exposing credentials, process parameters, or network topology used to manage your industrial network.
Who's at risk
Manufacturing facilities and utilities operating RUGGEDCOM APE1808 devices (industrial-grade routers/gateways used for secure remote access and monitoring in ICS networks) with Nozomi Guardian or CMC monitoring/security software installed.
How it could be exploited
An attacker on the network sends requests to the RUGGEDCOM APE1808 device running vulnerable Nozomi Guardian/CMC software. The device improperly exposes data, allowing the attacker to extract sensitive information without authentication or special privileges.
Prerequisites
  • Network access to the RUGGEDCOM APE1808 device (typically port 443 or 8080 for management interfaces)
  • Device is running a Nozomi Guardian/CMC version earlier than 23.3.0
remotely exploitable · no authentication required · low complexity · affects management/monitoring systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product: RUGGEDCOM APE1808
Affected Versions: All versions with Nozomi Guardian / CMC before 23.3.0
Fix Status: No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the RUGGEDCOM APE1808 management interface using firewall rules; allow only connections from authorized engineering workstations and monitoring systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Nozomi Guardian/CMC to version 23.4.1 or later on all affected RUGGEDCOM APE1808 devices
Long-term hardening
HARDENING: Implement network segmentation to isolate the device on a dedicated OT subnet, separate from general IT networks and the internet
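
One way to check that the "Do now" workaround is holding, as an added example that is not part of the advisory: the script audits firewall flow records for accepted connections to the APE1808 management ports (443 and 8080, as listed under Prerequisites) from sources outside the authorized list. The addresses, the CSV layout and the name audit_flows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Assumptions (not from the advisory): all addresses below are documentation
# ranges, and the CSV layout is a constructed stand-in for a flow-log export.
APE1808_ADDRS = {ipaddress.ip_address("192.0.2.10")}
MGMT_PORTS = {443, 8080}          # ports the advisory names as typical
ALLOWED_SOURCES = [
    ipaddress.ip_network("198.51.100.16/29"),   # engineering workstations
    ipaddress.ip_network("198.51.100.40/32"),   # monitoring system
]

SAMPLE_FLOWS = """\
src,dst,dport,action
198.51.100.17,192.0.2.10,443,accept
198.51.100.40,192.0.2.10,8080,accept
203.0.113.77,192.0.2.10,443,accept
203.0.113.77,192.0.2.10,8080,drop
198.51.100.90,192.0.2.10,443,accept
198.51.100.90,192.0.2.10,22,accept
not-an-ip,192.0.2.10,443,accept
"""

def audit_flows(text):
    """Return (violations, malformed): accepted management connections from
    sources outside the allowlist, and rows that could not be parsed."""
    violations, malformed = [], []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except (ValueError, TypeError, KeyError):
            malformed.append(row)      # never silently skip unparsable records
            continue
        if dst not in APE1808_ADDRS or dport not in MGMT_PORTS:
            continue                   # out of scope for this workaround
        if row["action"] != "accept":
            continue                   # the firewall already blocked it
        if not any(src in net for net in ALLOWED_SOURCES):
            violations.append((str(src), dport))
    return violations, malformed

if __name__ == "__main__":
    bad, junk = audit_flows(SAMPLE_FLOWS)
    for src, port in bad:
        print(f"unauthorized source {src} reached management port {port}")
    print(f"{len(junk)} malformed record(s) need manual review")
```

Any violation means a firewall rule still admits a source that is not an authorized engineering workstation or monitoring system.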