OTPulse

Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices

Act Now | 9.8 | SSA-864900 | May 13, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Fortinet FortiOS contains multiple critical vulnerabilities (CWE-522 weak credentials, CWE-787 buffer overflow, CWE-295 improper certificate validation, CWE-613 insufficient access control, and others) that affect RUGGEDCOM APE1808 firewalls used in Siemens industrial networks. The vulnerabilities enable remote attackers to bypass authentication, execute code, or manipulate security functions without credentials or user interaction. Siemens is preparing fixes; interim workarounds are required immediately.

What this means
What could happen
An attacker can remotely exploit multiple vulnerabilities in the FortiOS-based firewall on RUGGEDCOM APE1808 devices to bypass authentication, execute arbitrary code, or disrupt network communications that protect manufacturing operations and control systems.
Who's at risk
Manufacturing plants and utilities that use RUGGEDCOM APE1808 firewalls for industrial network protection. This device is commonly deployed in critical infrastructure (power, water, manufacturing facilities) as a hardened perimeter firewall. All organizations using this model are affected regardless of configuration.
How it could be exploited
An attacker with network access to the RUGGEDCOM APE1808 firewall can send specially crafted requests over the network (likely HTTP/HTTPS or management ports). The combination of weak authentication, cryptographic flaws, and buffer overflow vulnerabilities allows the attacker to authenticate without valid credentials or bypass security controls, then execute commands on the firewall itself, potentially disrupting or redirecting traffic to manufacturing systems.
Prerequisites
  • Network access to the RUGGEDCOM APE1808 firewall management or service ports
  • No valid credentials required—multiple vulnerabilities enable authentication bypass
  • Device must be running an affected FortiOS version (which includes all currently deployed RUGGEDCOM APE1808 units)
  • remotely exploitable
  • no authentication required (bypass possible)
  • low complexity
  • actively exploited (KEV)
  • affects network security controls protecting OT systems
  • all versions vulnerable
  • patch may not yet be available
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions | 7.4.9 or later
Remediation & Mitigation
Do now
HOTFIX: Update FortiOS on RUGGEDCOM APE1808 to version 7.4.9 or later following Siemens secure update procedures
HARDENING: Isolate or restrict network access to RUGGEDCOM APE1808 management interfaces using network segmentation (VLANs, access lists, or firewall rules) to limit who can reach the device
WORKAROUND: Contact Siemens customer support immediately for guidance on patch availability and interim protective measures
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

WORKAROUND: Monitor FortiOS security notifications from Fortinet for upstream fixes that Siemens will incorporate into RUGGEDCOM updates