ICSA-24-074-11 · Published 2026-01-14 · View on CISA ICS-CERT ↗

Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices

CVSS 9.8 CRITICAL CISA KEV — Known Exploited

CVEs (43)

CVE-2022-39948 CVE-2022-41327 CVE-2022-41328 CVE-2022-41329 CVE-2022-41330 CVE-2022-41334 CVE-2022-42469 CVE-2022-42474 CVE-2022-42476 CVE-2022-43947 CVE-2022-43953 CVE-2022-45861 CVE-2023-22639 CVE-2023-22640 CVE-2023-22641 CVE-2023-25610 CVE-2023-26207 CVE-2023-28001 CVE-2023-28002 CVE-2023-29175 CVE-2023-29178 CVE-2023-29179 CVE-2023-29180 CVE-2023-29181 CVE-2023-29183 CVE-2023-29184 CVE-2023-33301 CVE-2023-33305 CVE-2023-33306 CVE-2023-33307 CVE-2023-33308 CVE-2023-36555 CVE-2023-36639 CVE-2023-36641 CVE-2023-37930 CVE-2023-37935 CVE-2023-40718 CVE-2023-41675 CVE-2023-41841 CVE-2023-45584 CVE-2024-26009 CVE-2025-47294 CVE-2025-62631

Remediations

Update Fortigate NGFW to V7.4.1. Contact customer support to receive patch and update information.
Disable HTTP/HTTPS administrative interface OR Limit IP addresses that can reach the administrative interface (see https://www.fortiguard.com/psirt/FG-IR-23-001)
Disable HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode (see https://www.fortiguard.com/psirt/FG-IR-23-183)

Affected Vendors

Siemens

Affected Products (1)

Siemens · RUGGEDCOM APE1808 vers:all/*

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more