Full Report
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends updating to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808
## CVE Details
- **CVE ID:** Multiple (30+ identifiers, including CVE-2023-38545, CVE-2024-23113, CVE-2025-54822 and CVE-2024-40593)
- **CVSS Score:** Up to 9.8 (Critical)
- **CWE:** Various, including CWE-285 (Improper Authorization), CWE-522 (Insufficiently Protected Credentials), and others related to FortiOS.
## Affected Systems
- **Products:** Siemens RUGGEDCOM APE1808 (Industrial Application Hosting Platform).
- **Versions:** All versions running a Fortinet Next-Generation Firewall (NGFW) version prior to V7.4.3.
- **Configurations:** Systems with captive portal enabled are specifically highlighted as vulnerable to a subset of these CVEs (e.g., CVE-2023-42789).
## Vulnerability Description
This advisory addresses a cumulative list of security flaws discovered in the upstream Fortinet FortiOS software integrated into Siemens RUGGEDCOM APE1808 devices. The flaws range from improper authorization (allowing authenticated attackers to access files of other Virtual Domains/VDOMs) to credential protection issues and remote code execution risks inherent in older versions of the Fortigate NGFW.
## Exploitation
- **Status:** Varies by CVE; some FortiOS vulnerabilities have historically had PoCs available or been the subject of active scans.
- **Complexity:** Low to Medium (depending on the specific CVE).
- **Attack Vector:** Primarily Network (Remote) or Local, depending on the specific flaw.
## Impact
- **Confidentiality:** High (Potential access to sensitive files and VDOM data).
- **Integrity:** High (Potential for unauthorized configuration changes).
- **Availability:** High (Potential for denial-of-service or system takeover).
## Remediation
### Patches
- **Update:** Siemens recommends updating the integrated Fortigate NGFW to **V7.4.3** or later.
- **Action:** Users should contact Siemens customer support to receive the specific patch and update instructions for the RUGGEDCOM APE1808 platform.
### Workarounds
- **CVE-2023-42789 / CVE-2023-42790:** Set a non-form-based authentication scheme.
- **CVE-2024-23113:** Remove **fgfm** access for each interface.
- **General:** Implement defense-in-depth and ensure devices are not exposed to untrusted networks.
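The two CVE-specific workarounds can be checked against a plain-text FortiOS configuration backup. The following is an added example, not code from Siemens or Fortinet: it lists interfaces whose `set allowaccess` line still includes `fgfm` and authentication schemes that still use `set method form`. The sample configuration is constructed, and the function names `parse_targets` and `audit` are hypothetical.

```python
# Constructed sample of a FortiOS config backup (not from a real device).
SAMPLE_CONFIG = '''
config system interface
    edit "wan1"
        set allowaccess ping https fgfm
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "lan"
        set allowaccess ping https ssh
    next
end
config authentication scheme
    edit "portal-form"
        set method form
    next
end
'''
TARGETS = ("system interface", "authentication scheme")

def parse_targets(text):
    """Return {section: {entry: {key: [values]}}} for TARGETS at any nesting depth."""
    found = {name: {} for name in TARGETS}
    depth, section, at, entry = 0, None, 0, None
    for raw in text.splitlines():
        tok = raw.split() or [""]
        if tok[0] == "config":
            depth += 1
            if section is None and " ".join(tok[1:]) in TARGETS:
                section, at = " ".join(tok[1:]), depth  # entered an audited block
        elif tok[0] == "end":
            if section is not None and depth == at:
                section = entry = None  # left the audited block
            depth = max(depth - 1, 0)
        elif section is not None and depth == at:  # ignore nested sub-blocks
            if tok[0] == "edit" and len(tok) > 1:
                entry = found[section].setdefault(raw.strip()[4:].strip().strip('"'), {})
            elif tok[0] == "set" and entry is not None and len(tok) > 1:
                entry[tok[1]] = [v.strip('"') for v in tok[2:]]
    return found

def audit(text):
    """List interfaces still allowing fgfm and auth schemes still form-based."""
    cfg = parse_targets(text)
    hit = lambda sec, key, bad: sorted(n for n, e in cfg[sec].items() if bad in e.get(key, []))
    return {"fgfm_interfaces": hit("system interface", "allowaccess", "fgfm"),
            "form_schemes": hit("authentication scheme", "method", "form")}
```

An empty list for both keys means neither workaround is outstanding in that backup; blocks wrapped in `config global` or per-VDOM sections are matched as well because the parser tracks nesting depth.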
## Detection
- **Indicators of Compromise:** Monitor for unauthorized login attempts or unusual HTTP/HTTPS requests directed at VDOM resources.
- **Detection methods and tools:** Audit Fortigate logs for administrative changes and monitor traffic on the FortiGate Federation Management (fgfm) port.
## References
- Siemens Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-832273.pdf
- Fortinet PSIRT: https://www.fortiguard.com/psirt
- Fortinet RSS Feed: https://filestore.fortinet.com/fortiguard/rss/ir.xml