Critical Authentication Bypass and Smuggling Flaws Impact Siemens RUGGEDCOM APE1808
Take action: If you use RUGGEDCOM APE1808 devices with FortiOS, this is now urgent and important. The most critical item is a Fortinet flaw, and Fortinet is very much targeted by hackers. Update to version 7.4.11 ASAP. Isolation is not really a solution for a firewall that's designed operate between an insecure and secure networks.
Learn More
Siemens has reported four security vulnerabilities affecting its RUGGEDCOM APE1808 devices, which integrate Fortinet's FortiOS software. These flaws, originally identified in Fortinet products, impact industrial environments across critical manufacturing, energy, and transportation sectors worldwide.
Vulnerabilities summary:
- CVE-2026-24858 (CVSS score 9.8) - An authentication bypass vulnerability that occurs when FortiCloud SSO is enabled on a device. An attacker with a valid FortiCloud account and a registered device can use an alternate path to log into other registered devices belonging to different accounts. This allows full unauthorized access to the management interface of the affected RUGGEDCOM APE1808.
- CVE-2025-55018 (CVSS score 5.8) - An inconsistent interpretation of HTTP requests, known as HTTP request smuggling, within the firewall policy engine. By sending specially crafted headers, an unauthenticated attacker can smuggle unlogged HTTP requests through the firewall. This bypasses security logging and policy enforcement for the smuggled traffic.
- CVE-2025-62439 (CVSS score 4.2) - A vulnerability involving improper verification of the communication channel source that enables HTTP request smuggling. Similar to other smuggling flaws, it allows unauthenticated actors to transmit hidden requests through the security perimeter. This can lead to unauthorized access to internal resources that the firewall is intended to protect.
- CVE-2025-64157 (CVSS score 6.7) - A format string vulnerability that exists when the system processes externally-controlled configuration data. An authenticated administrator can use specifically crafted configuration strings to trigger the flaw and run unauthorized code or commands. This allows for privilege escalation or persistent system compromise by an already authenticated user.
RUGGEDCOM APE1808 devices serve as critical secure computing platforms at the network edge. Successful exploitation of the critical authentication bypass could lead to a total takeover of the industrial network appliance.
The vulnerabilities affect all versions of Siemens RUGGEDCOM APE1808 devices that use the integrated Fortigate Next-Generation Firewall (NGFW). Siemens has confirmed that the underlying issues reside in the FortiOS versions running on the APE1808 module.
Siemens and Fortinet recommend that administrators update the integrated Fortigate NGFW to version 7.4.11 or later to resolve all identified flaws. For organizations unable to patch immediately, CISA suggests isolating control system networks from the internet and using secure VPNs for remote access.
