Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGEDCOM APE1808 Devices
Act Now | 8.8 | SSA-822518 | Apr 9, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Palo Alto Networks has disclosed multiple vulnerabilities in PAN-OS Virtual NGFW affecting Siemens RUGGEDCOM APE1808 devices running all versions. The vulnerabilities span multiple weakness categories including cross-site scripting (CWE-79), insecure deserialization (CWE-610), file upload validation issues (CWE-434), and server-side request forgery (CWE-918). These flaws allow remote code execution with no authentication required. The issues are actively being exploited in the wild. Siemens recommends upgrading to Virtual NGFW V11.0.1 and implementing compensating controls until patching is complete.
What this means
What could happen
An attacker could remotely execute arbitrary code on RUGGEDCOM APE1808 firewalls by exploiting multiple vulnerabilities in the Virtual NGFW, potentially allowing them to intercept network traffic, modify security policies, or disrupt network connectivity to critical infrastructure.
Who's at risk
Manufacturing facilities and any critical infrastructure relying on Siemens RUGGEDCOM APE1808 firewalls for network perimeter defense. This includes industrial control networks, utilities, and any facility using this appliance to protect OT/ICS systems from internet-facing threats.
How it could be exploited
An attacker with network access to the firewall management interface or appliance could send a specially crafted request (no authentication required) that exploits one of several flaws in the PAN-OS Virtual NGFW implementation. The attack could involve cross-site scripting, insecure file upload, or server-side request forgery to achieve remote code execution on the device.
Prerequisites
- Network access to the RUGGEDCOM APE1808 device (accessible from the internet or untrusted network)
- No authentication required for initial exploitation
- User interaction may be required depending on the specific vulnerability variant
remotely exploitable | no authentication required | actively exploited (KEV) | affects network security infrastructure protecting critical systems | low complexity exploitation
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions | Virtual NGFW 11.0.1
Remediation & Mitigation
Do now
- HOTFIX: Upgrade Palo Alto Networks Virtual NGFW to version 11.0.1 or later on all RUGGEDCOM APE1808 devices
- HARDENING: If upgrade is not immediately possible, isolate RUGGEDCOM APE1808 devices from untrusted networks using network segmentation or air-gapping until patches can be applied
- HOTFIX: Contact Siemens customer support for patch delivery and detailed mitigation guidance specific to your devices
- WORKAROUND: Review and implement the specific workarounds published by Palo Alto Networks for each vulnerability (CWE-406, CWE-497, CWE-73, CWE-79, CWE-522, CWE-610, CWE-434, CWE-918)
CVEs (8)