Full Report
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in FortiGate NGFW on RUGGEDCOM APE1808 Devices
## CVE Details
- **CVE ID:** CVE-2026-24858
  - **CVSS Score:** 9.8 (Critical)
  - **CWE:** CWE-288 (Authentication Bypass Using an Alternate Path or Channel)
- **CVE ID:** CVE-2025-64157
  - **CVSS Score:** 6.7 (Medium)
  - **CWE:** CWE-134 (Use of Externally-Controlled Format String)
- **CVE ID:** CVE-2025-55018
  - **CVSS Score:** 5.8 (Medium)
  - **CWE:** CWE-444 (Inconsistent Interpretation of HTTP Requests)
- **CVE ID:** CVE-2025-62439
  - **CVSS Score:** 4.2 (Medium)
  - **CWE:** CWE-940 (Improper Verification of Source of a Communication Channel)
## Affected Systems
- **Products:** Siemens RUGGEDCOM APE1808 (Application Hosting Platform)
- **Versions:** All versions hosting Fortinet Next-Generation Firewall (NGFW):
  - FortiOS < V7.4.11 (affected by CVE-2026-24858)
  - FortiOS < V7.4.10 (affected by CVE-2025-55018, CVE-2025-64157, CVE-2025-62439)
- **Configurations:**
  - **CVE-2026-24858:** FortiCloud SSO authentication must be enabled.
  - **CVE-2025-62439:** Systems utilizing FSSO (Fortinet Single Sign-On) policy configurations.
## Vulnerability Description
The RUGGEDCOM APE1808 hosts Fortinet software that contains several security flaws:
1. **Critical Auth Bypass (CVE-2026-24858):** A flaw in the FortiCloud SSO implementation allows an attacker with a valid FortiCloud account and a registered device to log into other devices registered to different accounts.
2. **Format String Flaw (CVE-2025-64157):** An authenticated administrator can execute unauthorized code or commands via specially crafted configurations.
3. **HTTP Request Smuggling (CVE-2025-55018):** Inconsistent interpretation of HTTP requests allows an unauthenticated attacker to smuggle unlogged requests through firewall policies.
4. **Source Verification Flaw (CVE-2025-62439):** An authenticated user with knowledge of FSSO configurations can gain unauthorized access to protected network resources.
## Exploitation
- **Status:** No information provided regarding exploitation in the wild or PoC availability.
- **Complexity:**
  - **Low:** CVE-2026-24858, CVE-2025-55018, CVE-2025-64157.
  - **High:** CVE-2025-62439.
- **Attack Vector:**
  - **Network:** CVE-2026-24858, CVE-2025-55018.
  - **Local:** CVE-2025-64157, CVE-2025-62439.
## Impact
- **Confidentiality:** High (Critical bypass and command execution)
- **Integrity:** High (Unauthorized configuration and smuggling)
- **Availability:** High (Potential for code execution leading to system crashes)
## Remediation
### Patches
Siemens recommends updating the FortiGate NGFW on the RUGGEDCOM APE1808 to the following versions:
- **Updating to V7.4.11 or later:** Addresses all listed CVEs including the critical CVE-2026-24858.
- **Updating to V7.4.10 or later:** Addresses CVE-2025-55018 and CVE-2025-64157.
- **Special Requirement for CVE-2025-62439:** Update to V7.4.10 and ensure **FSSO TS Agent is version 5.0 build 0324** or later.
*Note: Users should contact Siemens customer support to receive specific patch and update instructions.*
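To turn the version thresholds and configuration preconditions above into a repeatable check, here is an added triage helper (written for this summary, not code from Siemens or Fortinet) that takes a constructed inventory of APE1808 hosts and reports which of the four CVEs still apply to each one. The `Host` fields and the asset names are assumptions; the thresholds and preconditions are the advisory's own.

```python
# Added triage helper (not from the Siemens or Fortinet advisories): maps an
# inventory of RUGGEDCOM APE1808 hosts to the CVEs that still apply, using only
# the version thresholds and configuration preconditions stated above.
import re
from typing import NamedTuple, Optional


class Host(NamedTuple):
    name: str                          # hypothetical asset label
    fortios: str                       # FortiOS build, e.g. "v7.4.9"
    forticloud_sso: bool               # FortiCloud SSO authentication enabled?
    uses_fsso: bool                    # FSSO policy configuration in use?
    fsso_agent: Optional[str] = None   # TS Agent version, e.g. "5.0 build 0324"


def parse_version(text: str) -> tuple:
    """Turn 'v7.4.9', 'V7.4.10' or '5.0 build 0324' into a comparable tuple."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


# FortiOS version in which each CVE is fixed (per the advisory).
FIXED_IN = {
    "CVE-2026-24858": (7, 4, 11),
    "CVE-2025-64157": (7, 4, 10),
    "CVE-2025-55018": (7, 4, 10),
    "CVE-2025-62439": (7, 4, 10),
}
# CVE-2025-62439 additionally requires FSSO TS Agent 5.0 build 0324 or later.
FSSO_AGENT_FIXED = (5, 0, 324)


def applicable_cves(h: Host) -> list:
    """Return the sorted list of CVEs that still apply to one host."""
    ver = parse_version(h.fortios)
    out = []
    for cve, fixed in FIXED_IN.items():
        if ver >= fixed:
            continue                       # FortiOS already carries the fix
        if cve == "CVE-2026-24858" and not h.forticloud_sso:
            continue                       # precondition: FortiCloud SSO enabled
        if cve == "CVE-2025-62439" and not h.uses_fsso:
            continue                       # precondition: FSSO policies in use
        out.append(cve)
    # Even on a patched FortiOS, an outdated TS Agent leaves CVE-2025-62439 open.
    if h.uses_fsso and "CVE-2025-62439" not in out:
        if h.fsso_agent is None or parse_version(h.fsso_agent) < FSSO_AGENT_FIXED:
            out.append("CVE-2025-62439")
    return sorted(out)


if __name__ == "__main__":
    # Constructed sample inventory; names and values are illustrative only.
    for host in (Host("ape-1", "v7.4.9", True, True, "5.0 build 0300"),
                 Host("ape-2", "v7.4.10", False, True, "5.0 build 0300")):
        print(host.name, applicable_cves(host))
```

A host running V7.4.10 with FSSO but an older TS Agent is still reported for CVE-2025-62439, which is the case the "special requirement" bullet above is meant to catch.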
### Workarounds
- Protect network access to devices with appropriate security mechanisms (e.g., VLANs, physical isolation).
- Follow Siemens’ operational guidelines for Industrial Security.
- Consult Fortinet’s upstream PSIRT notifications for specific software-level mitigations.
## Detection
- Monitor logs for unauthorized logins via FortiCloud SSO.
- Inspect HTTP traffic for malformed headers indicative of smuggling attempts.
- Audit configuration changes made by administrative accounts for format-string payloads that could trigger CVE-2025-64157.
## References
- Siemens Advisory: hxxps://cert-portal.siemens[.]com/productcert/pdf/ssa-975644.pdf
- Fortinet PSIRT: hxxps://www.fortiguard[.]com/psirt
- Siemens Industrial Security Guidelines: hxxps://www.siemens[.]com/cert/operational-guidelines-industrial-security