Summary
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends updating to the latest version.
The following versions of Siemens RUGGEDCOM APE1808 Devices are affected:
- RUGGEDCOM APE1808 vers:all/*, vers:all/* (CVE-2026-24858, CVE-2025-55018, CVE-2025-62439, CVE-2025-64157)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.8 | Siemens | Siemens RUGGEDCOM APE1808 Devices | Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’), Improper Verification of Source of a Communication Channel, Use of Externally-Controlled Format String, Authentication Bypass Using an Alternate Path or Channel |
Background
- Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany
Vulnerabilities
CVE-2025-55018
An inconsistent interpretation of HTTP requests (‘HTTP request smuggling’) vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged HTTP request through the firewall policies via a specially crafted header.
Affected Products
Siemens RUGGEDCOM APE1808 Devices
Siemens
RUGGEDCOM APE1808
known_affected
Remediations
Vendor fix
Update Fortigate NGFW to V7.4.10 or later version. Contact customer support to receive patch and update information.
Mitigation
For more information see the associated Siemens security advisory SSA-975644 in HTML https://cert-portal.siemens.com/productcert/html/ssa-975644.html
Mitigation
For more information see the associated Siemens security advisory SSA-975644 in CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-975644.json
Relevant CWE: CWE-444 Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 5.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |
CVE-2025-62439
An inconsistent interpretation of HTTP requests (‘HTTP request smuggling’) vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged HTTP request through the firewall policies via a specially crafted header.
Affected Products
Siemens RUGGEDCOM APE1808 Devices
Siemens
RUGGEDCOM APE1808
known_affected
Remediations
Vendor fix
Update Fortigate NGFW to V7.4.10 or later version with FSSO TS Agent version 5.0 build 0324 or later versi
[…]