Full Report
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends updating to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808
## CVE Details
*This advisory covers 40+ CVEs. Key high-severity identifiers include:*
- **CVE ID:** CVE-2023-33308
  - **CVSS Score:** 9.8 (Critical)
  - **CWE:** CWE-121 (Stack-based Buffer Overflow)
- **CVE ID:** CVE-2023-33305
  - **CVSS Score:** 4.9 (Medium)
  - **CWE:** CWE-835 (Loop with Unreachable Exit Condition)
- **CVE ID:** CVE-2023-33306 / CVE-2023-33307
  - **CVSS Score:** 6.5 (Medium)
  - **CWE:** CWE-476 (NULL Pointer Dereference)
## Affected Systems
- **Products:** Siemens RUGGEDCOM APE1808 (Application Processing Engine)
- **Versions:** All versions hosting Fortinet Next-Generation Firewall (NGFW) prior to V7.4.1.
- **Configurations:** Systems utilizing SSL-VPN, proxy policies, or firewall policies with deep/full packet inspection are at elevated risk.
## Vulnerability Description
The primary critical flaw (**CVE-2023-33308**) is a stack-based buffer overflow within FortiOS. It occurs when the system processes specially crafted packets through proxy or firewall policies that have deep or full packet inspection enabled. Other listed vulnerabilities include NULL pointer dereferences in the SSL-VPN component leading to service crashes and infinite loops in HTTP request handling causing Denial of Service (DoS).
## Exploitation
- **Status:** Mitigation details imply these are known vulnerabilities; however, specific "in-the-wild" exploitation status for the RUGGEDCOM implementation is not explicitly confirmed in the text.
- **Complexity:** Low (for primary critical vectors)
- **Attack Vector:** Network (Remote unauthenticated access for CVE-2023-33308)
## Impact
- **Confidentiality:** High (Potential for arbitrary code execution)
- **Integrity:** High
- **Availability:** High (Service crashes and infinite loops)
## Remediation
### Patches
- **Update to Fortigate NGFW V7.4.1:** Siemens recommends updating the Fortigate instance on the RUGGEDCOM APE1808 to version 7.4.1 or later.
- **Action:** Contact Siemens Customer Support to receive specific patch and update instructions.
### Workarounds
- **Management Interface:** Disable the HTTP/HTTPS administrative interfaces, or use a local-in policy to limit the IP addresses that can reach the administrative interface (specifically for CVE-2023-25610).
- **Inspection Settings:** For CVE-2023-33308, consider disabling deep/full packet inspection on proxy policies if an immediate update is not possible.
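
An added example, not part of the Siemens or Fortinet advisories: a small Python audit of a FortiOS configuration backup against the fix version and the two workarounds above. The sample backup is constructed, and mapping "deep/full packet inspection" to policies with `inspection-mode proxy` and an `ssl-ssh-profile` is an assumption of this example.

```python
import re

FIXED = (7, 4, 1)  # fixed Fortigate NGFW version named in the advisory
# Constructed sample of a FortiOS configuration backup (illustrative only).
SAMPLE = """\
#config-version=FGVM64-7.2.4-FW-build1396-230131:opmode=0:vdom=0:user=admin
config system interface
    edit "port1"
        set allowaccess ping https ssh http
        config ipv6
            set ip6-allowaccess ping
        end
    next
end
config firewall policy
    edit 7
        set inspection-mode proxy
        set ssl-ssh-profile "deep-inspection"
    next
end
"""

def parse(config):
    """Return (version tuple or None, {section: {entry: {key: [values]}}})."""
    m = re.search(r"^#config-version=\w+-(\d+)\.(\d+)\.(\d+)-", config, re.M)
    sections, depth, section, entry = {}, 0, None, None
    for tok in filter(None, (line.split() for line in config.splitlines())):
        if tok[0] == "config" and depth == 0:  # a new top-level section starts
            section, entry = sections.setdefault(" ".join(tok[1:]), {}), None
        depth += (tok[0] == "config") - (tok[0] == "end")  # nested blocks: depth > 1
        if depth == 1 and tok[0] == "edit":
            entry = section.setdefault(tok[1].strip('"'), {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = [v.strip('"') for v in tok[2:]]
    return (tuple(map(int, m.groups())) if m else None), sections

def audit(config):
    """List findings for the advisory's fix version and its two workarounds."""
    version, s = parse(config)
    out = [] if version and version >= FIXED else ["firmware %s is below 7.4.1 or unknown" % (version,)]
    web = sorted(n for n, e in s.get("system interface", {}).items()
                 if {"http", "https"} & set(e.get("allowaccess", [])))
    if web and not s.get("firewall local-in-policy"):  # assumption: any entry counts as a restriction
        out.append("HTTP/HTTPS admin access, no local-in policy: " + ", ".join(web))
    deep = sorted(n for n, e in s.get("firewall policy", {}).items()
                  if e.get("inspection-mode") == ["proxy"] and "ssl-ssh-profile" in e)
    if deep:
        out.append("proxy-mode policies with SSL inspection to review: " + ", ".join(deep))
    return out
```

Calling `audit()` on the text of a configuration backup returns a list of findings; an empty list means none of the three checks fired.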
## Detection
- **Indicators of Compromise:** Unexpected reboots of the SSL-VPN service or the NGFW instance; unusual traffic patterns targeting administrative ports.
- **Detection methods:** Monitor system logs for stack overflow signatures or NULL pointer dereference errors. Use network intrusion detection systems (IDS) to flag malformed packets targeting proxy policies.
## References
- Siemens Security Advisory SSA-366067: hxxps://cert-portal.siemens.com/productcert/pdf/ssa-366067.pdf
- Fortiguard PSIRT Advisory: hxxps://www.fortiguard.com/psirt
- Siemens ProductCERT: hxxps://cert-portal.siemens.com/productcert/html/ssa-366067.html