Full Report
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
Analysis Summary
Based on the provided context regarding Siemens Security Advisory SSA-698820, here is the summarized vulnerability information. Note that the provided text lists multiple underlying Fortinet CVEs impacting the Siemens product; the summary below synthesizes the critical and explicitly described details, focusing where information is available.
# Vulnerability: Multiple FortiOS Vulnerabilities Affecting RUGGEDCOM APE1808
## CVE Details
This advisory covers multiple CVEs from Fortinet upstream advisories. Specific details are only provided for two in the text:
- **CVE ID:** CVE-2023-46720
- **CVSS Score:** 6.7 (Medium, based on the provided vector)
- **CWE:** CWE-121: Stack-based Buffer Overflow
- **CVE ID:** CVE-2023-50176
- **CVSS Score:** 7.5 (High, based on the provided vector)
- **CWE:** CWE-384: Session Fixation Vulnerability
*(Note: Other affected CVEs listed are CVE-2024-21754, CVE-2024-23111, CVE-2024-26010, CVE-2024-26006, CVE-2024-26015, CVE-2024-36505, CVE-2024-33510, CVE-2024-26011, CVE-2025-47295, CVE-2024-50568, CVE-2024-26008, and CVE-2024-47570. Specific scores/details are not summarized here as they were truncated.)*
## Affected Systems
- **Products:** Siemens RUGGEDCOM APE1808 devices running Fortinet NGFW firmware.
- **Versions:** All versions featuring Fortinet NGFW prior to V7.4.4.
- **Configurations:** Specific impact varies based on underlying CVE, but includes issues related to CLI commands and SAML authentication.
## Vulnerability Description
The advisory aggregates multiple vulnerabilities stemming from the underlying FortiOS firmware running on the RUGGEDCOM APE1808.
* **CVE-2023-46720 (Stack-based Buffer Overflow):** Allows an attacker to execute unauthorized code or commands via specially crafted CLI commands. Affects FortiOS versions 7.4.0-7.4.1, 7.2.0-7.2.7, 7.0.0-7.0.12, 6.4.6-6.4.15, 6.2.9-6.2.16, and 6.0.13-6.0.18.
* **CVE-2023-50176 (Session Fixation):** Allows an attacker to execute unauthorized code or commands via phishing a SAML authentication link. Affects FortiOS versions 7.4.0-7.4.3, 7.2.0-7.2.7, and 7.0.0-7.0.13.
* **CVE-2024-21754 (Password Hash Weakness):** Use of a password hash with insufficient computational effort.
* **CVE-2025-47295 (Buffer Over-read):** May allow a remote unauthenticated attacker to crash the FGFM daemon.
## Exploitation
- **Status:** For CVE-2024-21754, the text explicitly states **E:P** (Exploitation Possible/Evidence of Exploit Presence) in the CVSS vector section for a related impact. Status for other CVEs is not explicitly stated as 'Exploited in the wild'.
- **Complexity:** Varies per CVE. CVE-2023-46720 appears to require Local access (AV:L) and High privileges (PR:H). CVE-2023-50176 requires user interaction (UI:R) but Network access (AV:N).
- **Attack Vector:** Varies (Network, Local).
## Impact
Impact varies by specific CVE, but key impacts noted include:
- **Confidentiality:** High (for several flaws, notably CVE-2023-50176).
- **Integrity:** High (for several flaws, notably CVE-2023-50176).
- **Availability:** High (for CVE-2023-46720); Low (for potential crash in CVE-2025-47295).
## Remediation
### Patches
- **Action:** Siemens has released a new version of Fortigate NGFW fixing these issues. Customers must **Update Fortigate NGFW to V7.4.4** or greater.
- **Availability:** Customers need to **Contact customer support to receive patch and update information** specific to the RUGGEDCOM APE1808.
### Workarounds
Siemens explicitly recommends consulting and implementing the workarounds provided in the upstream Fortinet security notifications. Specific mitigations noted are:
* **For CVE-2024-26006:** Disable SSL-VPN web-mode.
* **For CVE-2024-26010:** For each interface, remove the `fgfm` access restriction.
## Detection
- **Indicators of Compromise:** Not explicitly detailed in the summary provided.
- **Detection Methods and Tools:** Customers are advised to follow the General Security Recommendations in the advisory, which includes configuring the environment according to Siemens' operational guidelines for Industrial Security.
## References
- Fortinet PSIRT Advisories: `https://www.fortiguard.com/psirt` (Defanged)
- Siemens Advisory SSA-698820 Link (Main Document): `https://cert-portal.siemens.com/productcert/html/ssa-698820.html` (Defanged)
- Fortinet Workaround for CVE-2024-26006: `https://fortiguard.fortinet.com/psirt/FG-IR-23-485` (Defanged)
- Fortinet Workaround for CVE-2024-26010: `https://www.fortiguard.com/psirt/FG-IR-24-036` (Defanged)
- Siemens Industrial Security Guidelines: `https://www.siemens.com/cert/operational-guidelines-industrial-security` (Defanged)