PatchSiren cyber security CVE debrief
CVE-2020-25658 Siemens CVE debrief
CVE-2020-25658 is a Bleichenbacher timing attack vulnerability in python-rsa, a pure-Python RSA implementation. The flaw allows an attacker to decrypt portions of RSA-encrypted ciphertext by exploiting timing variations in the RSA decryption API. This vulnerability was originally disclosed in 2020 but was added to the CISA ICS advisory ICSA-24-102-04 on April 9, 2024, as part of a broader security update for Siemens RUGGEDCOM APE1808 devices. The advisory was subsequently modified multiple times through May 13, 2025, to incorporate additional upstream vulnerabilities and remediation guidance. Siemens has issued a vendor fix requiring upgrade to Palo Alto Networks Virtual NGFW V11.1.2-h3 for affected RUGGEDCOM APE1808 deployments configured with this component. The CVSS 3.1 vector indicates network attack vector with low attack complexity, no privileges required, and high confidentiality impact.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2025-05-13
- Advisory published
- 2024-04-09
- Advisory updated
- 2025-05-13
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 industrial networking devices with Palo Alto Networks Virtual NGFW configurations should prioritize this vulnerability. Security teams responsible for OT/ICS environments, cryptographic implementations, and side-channel attack mitigations should assess exposure. Developers using python-rsa for RSA operations should evaluate migration to constant-time cryptographic libraries.
Technical summary
The python-rsa library implements RSA encryption in pure Python without constant-time operations for decryption, making it vulnerable to Bleichenbacher's million message attack. An attacker with network access to an application using python-rsa's RSA decryption API can send crafted ciphertexts and measure decryption timing to iteratively recover plaintext. The attack exploits the PKCS#1 v1.5 padding oracle created by timing variations in modular exponentiation and padding validation. This vulnerability specifically affects Siemens RUGGEDCOM APE1808 devices when configured with Palo Alto Networks Virtual NGFW, where python-rsa may be used for cryptographic operations. The vendor remediation requires upgrading the NGFW component to version 11.1.2-h3.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Palo Alto Networks Virtual NGFW to V11.1.2-h3 on affected RUGGEDCOM APE1808 devices per vendor guidance
- Contact Siemens customer support to obtain patch and update information for affected deployments
- Review network segmentation for RUGGEDCOM APE1808 devices to limit exposure of RSA decryption operations
- Monitor for anomalous timing patterns in RSA decryption API usage that may indicate exploitation attempts
- Apply defense-in-depth controls per CISA ICS recommended practices for industrial control systems
Evidence notes
CVE published 2024-04-09 per CISA CSAF advisory ICSA-24-102-04; modified 2025-05-13. Original python-rsa vulnerability from 2020. Siemens RUGGEDCOM APE1808 affected when configured with Palo Alto Networks Virtual NGFW. Vendor fix requires upgrade to V11.1.2-h3.
Official resources
-
CVE-2020-25658 CVE record
CVE.org
-
CVE-2020-25658 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09