Full Report
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.
Analysis Summary
# Vulnerability: Multiple FortiOS Vulnerabilities Affecting Siemens RUGGEDCOM APE1808
## CVE Details
This advisory covers multiple FortiOS vulnerabilities. Specific CVEs and their associated CVSS scores mentioned in the provided text snippet include:
| CVE ID | CVSS v3.1 Score | Severity | CWE |
| :--- | :--- | :--- | :--- |
| CVE-2025-58325 | 8.2 | High | CWE-684 (Incorrect Provision of Specified Functionality) |
| CVE-2025-22252 | Not explicitly scored | N/A | N/A (Relates to ASCII authentication reuse) |
| CVE-2024-3596 | Not explicitly scored | N/A | N/A |
| Other identified CVEs (e.g., CVE-2024-46670, CVE-2023-27997, etc.) | Not all scores provided in snippet | Varies | Varies |
*Note: CVSS v4.0 score of 9.1 is mentioned in the summary, but specific mapping to individual CVEs is incomplete.*
## Affected Systems
- **Products:** Siemens RUGGEDCOM APE1808 devices running Fortinet NGFW firmware.
- **Versions:** All versions of RUGGEDCOM APE1808 utilizing Fortinet NGFW versions:
- `< V7.4.5` (Affected by a large set of CVEs, including CVE-2024-46670 series)
- `< V7.4.7` (Affected by another set of CVEs, including CVE-2022-42475, CVE-2023-27997, etc.)
- Configured to use **ASCII authentication** and running `< V7.4.7` (Affected by CVE-2025-22252)
- `< V7.4.6` (Affected by CVE-2024-3596 and associated CVEs)
- **Configurations:** Specific configurations mentioned include ASCII authentication being used.
## Vulnerability Description
The advisory details multiple security vulnerabilities originating from Fortinet's FortiOS platform, which impact RUGGEDCOM APE1808 devices utilizing affected NGFW versions.
- **CVE-2025-58325:** An Incorrect Provision of Specified Functionality vulnerability in various FortiOS versions (including 7.4.0 through 7.4.5) allows a **local authenticated attacker** to execute system commands via crafted CLI commands.
- **CVE-2025-22252:** Affects systems running versions `< V7.4.7` configured to use **ASCII authentication**. This vulnerability allows session reuse associated with a terminated admin account via possession of the SAML record of a user session.
- **CVE-2024-3596:** Affects versions `< V7.4.6`.
*Note: Detailed technical descriptions for all 17+ listed CVEs are not fully provided in the excerpt.*
## Exploitation
- **Status:** The excerpt does not definitively state if vulnerabilities are exploited in the wild, but the presence of older CVEs (like CVE-2022-42475, CVE-2023-27997) suggests a high likelihood of exploit code existing for some flaws.
- **Complexity (Based on CVE-2025-58325):** Low (CVSS vector AV:L/AC:L suggests Local access, Low attack complexity). High (CVSS vector in snippet is AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating high impact from a low complexity local attack requiring high privileges PR:H).
- **Attack Vector (Based on CVE-2025-58325):** Local (AV:L).
- **CVE-2025-22252:** Implies network vector as it relates to SAML record possession, though context is missing.
## Impact
(Impact derived primarily from CVE-2025-58325, which shows the highest documented impact metrics in the snippet):
- **Confidentiality (CVE-2025-58325):** High (C:H)
- **Integrity (CVE-2025-58325):** High (I:H)
- **Availability (CVE-2025-58325):** High (A:H)
## Remediation
### Patches
- Siemens strongly recommends updating the underlying Fortigate NGFW to **Version V7.4.7** across all affected RUGGEDCOM APE1808 installations.
- For specific patch/update information, customers must **contact Siemens customer support**.
### Workarounds
- For CVE-2024-3596: Use **RADIUS over TLS (RADSEC)** instead of standard configuration if running versions `< V7.4.6`.
- Implement further recommendations provided in the "Workarounds and Mitigations" section of the full Siemens advisory.
- Consult and implement workarounds provided in Fortinet's upstream security notifications.
## Detection
- **Indicators of Compromise:** Not explicitly listed in the summary excerpt.
- **Detection methods and tools:** Customers should monitor for indicators related to successful exploitation of arbitrary system command execution via the CLI (for CVE-2025-58325) or unauthorized session re-use (for CVE-2025-22252). Subscribe to Fortinet's public RSS feed for security alerts ([defanged: https://filestore.fortinet.com/fortiguard/rss/ir.xml](https://filestore.fortinet.com/fortiguard/rss/ir.xml)).
## References
- Siemens Advisory SSA-770770: [defanged: https://cert-portal.siemens.com/productcert/html/ssa-770770.html]
- Fortinet PSIRT Information: [defanged: https://www.fortiguard.com/psirt]
- Fortinet Security Alerts RSS Feed: [defanged: https://filestore.fortinet.com/fortiguard/rss/ir.xml]
- Siemens CERT Advisories Page: [defanged: https://www.siemens.com/cert/advisories]