Full Report
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or are not yet, available.

[1] https://security.paloaltonetworks.com/
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in Palo Alto Networks PAN-OS on RUGGEDCOM APE1808
## CVE Details
- **CVE IDs:** Primary focus on CVE-2024-0012, CVE-2024-9474, CVE-2025-0130, CVE-2025-0137 (among others listed in the advisory).
- **CVSS Score:** 10.0 (Critical) / CVSS v4.0: 9.3
- **CWE:** CWE-754 (Improper Check for Unusual Conditions), CWE-83 (Improper Neutralization of Script in Attributes), and others depending on the specific CVE.
## Affected Systems
- **Products:** Siemens RUGGEDCOM APE1808.
- **Versions:** All versions utilizing Palo Alto Networks Virtual NGFW (Next-Generation Firewall).
- **Configurations:**
  - Systems with GlobalProtect gateway configured (CVE-2024-2550).
  - Systems with DNS Security logging enabled.
  - Systems with LLDP enabled (Mode: transmit-receive or receive-only).
  - Systems using SAML Authentication for GlobalProtect portals.
  - Management web interface access enabled.
## Vulnerability Description
This advisory covers a suite of vulnerabilities within the PAN-OS software running on Siemens industrial hardware. Key flaws include:
- **CVE-2025-0130:** An improper input handling flaw where maliciously crafted packets can cause the firewall to become unresponsive, reboot, or enter maintenance mode (Denial of Service).
- **CVE-2025-0137:** An improper input neutralization flaw in the management interface allowing an authenticated read-write administrator to impersonate other legitimate administrators.
- **Critical Management Interface Vulnerabilities:** Earlier entries (CVE-2024-0012/CVE-2024-9474) involve unauthorized access or privilege escalation via the management web interface.
## Exploitation
- **Status:** CVE-2024-0012 and CVE-2024-9474 have been observed being exploited in the wild.
- **Complexity:** Varies from Low to Medium depending on the specific CVE.
- **Attack Vector:** Network (most cases).
## Impact
- **Confidentiality:** High (Potential for full system compromise or administrator impersonation).
- **Integrity:** High (Modification of firewall rules and system settings).
- **Availability:** High (Potential for permanent Denial of Service/Maintenance Mode loops).
## Remediation
### Patches
- **Palo Alto Networks Virtual NGFW:** Upgrade to **V11.1.8** or later.
- **Action:** Users are advised to contact Siemens customer support directly to receive specific patch and update information for the RUGGEDCOM APE1808 integration.
### Workarounds
- **Restrict Access:** Isolate the PAN-OS management interface. Ensure it is not accessible from the internet.
- **Service Disablement:** Disable unused features such as LLDP or specific GlobalProtect configurations if not required for operations.
- **Authentication:** Use strong multi-factor authentication for all administrative accounts.
## Detection
- **Indicators of Compromise:** Monitor for unexpected reboots or the device entering "Maintenance Mode" without operator intervention.
- **Detection Methods:**
  - Review PAN-OS system logs for unauthorized administrative logins or impersonation attempts.
  - Utilize Palo Alto Networks' threat signatures and automated detection tools for their NGFW products.
## References
- **Siemens Security Advisory:** hxxps://cert-portal.siemens.com/productcert/html/ssa-354569.html
- **Palo Alto Networks Security Advisories:** hxxps://security.paloaltonetworks.com/
- **Palo Alto RSS Feed:** hxxps://security.paloaltonetworks.com/rss.xml
- **Siemens ProductCERT:** hxxps://www.siemens.com/cert/advisories