OTPulse

Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW

Act Now
CVSS: 10
Advisory: SSA-750274
Date: Apr 19, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Palo Alto Networks CVE-2024-3400 affects RUGGEDCOM APE1808 devices when configured with Virtual NGFW and GlobalProtect gateway or portal. The vulnerability allows remote attackers without authentication to inject OS commands and gain full control of the firewall device. Siemens has released a patched version of the Virtual NGFW (V11.1.2-h3). The vulnerability is being actively exploited in the wild.

What this means
What could happen
An attacker can bypass authentication on a RUGGEDCOM APE1808 firewall configured with Palo Alto's GlobalProtect and execute arbitrary commands on the device, potentially disrupting network traffic for plant systems or redirecting critical communications.
Who's at risk
Water authorities and municipal utilities operating RUGGEDCOM APE1808 devices as network firewalls with Palo Alto GlobalProtect enabled. This affects any facility using these devices to protect SCADA networks, water treatment plant controls, or power distribution systems.
How it could be exploited
An attacker on the network sends a specially crafted request to the GlobalProtect gateway or portal service on the RUGGEDCOM APE1808. The vulnerability allows the attacker to bypass authentication and inject OS commands that execute with firewall privileges, giving them full control of the device.
Prerequisites
  • Network access to the RUGGEDCOM APE1808 on the GlobalProtect gateway or portal listening port
  • RUGGEDCOM APE1808 configured with Palo Alto Networks Virtual NGFW and GlobalProtect gateway or portal enabled
  • No authentication credentials required
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • Actively exploited (KEV)
  • CVSS 10 (maximum severity)
  • EPSS 94.3% (very high exploit probability)
  • Affects network infrastructure protecting OT systems
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product: RUGGEDCOM APE1808
Affected Versions: All versions with Palo Alto Networks Virtual NGFW configured with GlobalProtect gateway or GlobalProtect portal (or both).
Fix Status: No fix yet
Remediation & Mitigation
Do now
HOTFIX: Update Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 to version V11.1.2-h3 or later
WORKAROUND: Consult Palo Alto Networks' upstream security notification (CVE-2024-3400) for workarounds such as disabling GlobalProtect gateway or portal if not required, or implementing network segmentation to restrict access to the device
Long-term hardening
HARDENING: Implement firewall rules to restrict network access to the RUGGEDCOM APE1808 management and GlobalProtect services to trusted engineering networks only
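
A fleet triage sketch for the remediation steps above, added here as an example and not taken from Siemens, Palo Alto Networks or this advisory: it flags inventory records that have GlobalProtect gateway or portal enabled and run a Virtual NGFW release older than V11.1.2-h3. The inventory field names and device names are assumptions, and the sample records are constructed.

```python
import re

# Fixed Virtual NGFW release named in the advisory.
FIXED = "V11.1.2-h3"

# Accepts "V11.1.2-h3", "11.1.2-h3" and "11.1.2" (no hotfix suffix).
_VERSION_RE = re.compile(r"^[Vv]?(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Turn 'V11.1.2-h3' into (11, 1, 2, 3); a missing hotfix counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def triage(device):
    """Classify one inventory record against the advisory's conditions."""
    # Only devices with GlobalProtect gateway or portal enabled are affected.
    if not (device.get("gp_gateway") or device.get("gp_portal")):
        return "not-exposed"
    try:
        current = parse_version(str(device.get("ngfw_version") or ""))
    except ValueError:
        return "verify-manually"  # unknown version: do not assume patched
    return "patched" if current >= parse_version(FIXED) else "update-now"


def report(inventory):
    """Map each device name to its triage status."""
    return {d["name"]: triage(d) for d in inventory}


# Constructed sample inventory; names and field layout are hypothetical.
INVENTORY = [
    {"name": "ape1808-plant-a", "ngfw_version": "V11.1.2", "gp_gateway": True, "gp_portal": False},
    {"name": "ape1808-plant-b", "ngfw_version": "V11.1.2-h3", "gp_gateway": False, "gp_portal": True},
    {"name": "ape1808-pump-st", "ngfw_version": "V11.1.1", "gp_gateway": False, "gp_portal": False},
    {"name": "ape1808-substn", "ngfw_version": "unknown", "gp_gateway": True, "gp_portal": True},
]

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name}: {status}")
```

A device reported as not-exposed still runs an older release in this sample, so the status reflects GlobalProtect configuration only and changes if the gateway or portal is later enabled.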