PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-47629 Siemens CVE debrief

CVE-2022-47629 is a critical integer overflow vulnerability in Libksba versions prior to 1.6.3, specifically affecting the CRL (Certificate Revocation List) signature parser. The vulnerability was published on April 9, 2024, and most recently modified on May 13, 2025. Siemens RUGGEDCOM APE1808 devices are affected through this upstream dependency. The vulnerability carries a CVSS 3.1 score of 9.8 (Critical), indicating network-exploitable, low-complexity attacks that can result in complete confidentiality, integrity, and availability compromise without requiring authentication or user interaction. CISA's advisory ICSA-24-102-04, first published April 9, 2024, tracks this vulnerability among multiple upstream components affecting the RUGGEDCOM APE1808 platform. Siemens has issued security advisory SSA-455250 addressing this issue. A vendor fix is available requiring upgrade to Palo Alto Networks Virtual NGFW V11.1.2-h3; customers must contact Siemens customer support to obtain patch and update information. The advisory has undergone seven revisions, with the most recent update on May 13, 2025 adding CVE-2025-0127 to the tracked vulnerabilities.

Vendor: Siemens
Product: RUGGEDCOM APE1808
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-13
Original CVE updated: 2024-02-13
Advisory published: 2024-02-13
Advisory updated: 2024-02-13

Who should care

Organizations operating Siemens RUGGEDCOM APE1808 industrial networking devices, particularly those deployed in critical infrastructure environments processing X.509 certificates and CRLs. Security teams responsible for OT/ICS asset management, certificate authority infrastructure operators, and compliance officers tracking CISA ICS advisories for regulated industrial sectors.

Technical summary

Integer overflow in Libksba CRL signature parser (CVE-2022-47629) enables potential remote code execution or denial of service through crafted certificate revocation list data. Affects Siemens RUGGEDCOM APE1808 via upstream dependency chain. Fixed in Libksba 1.6.3; Siemens remediation requires Palo Alto NGFW V11.1.2-h3 upgrade obtained through customer support.

Defensive priority

critical

Recommended defensive actions

  • Contact Siemens customer support to obtain patch and update information for upgrading Palo Alto Networks Virtual NGFW to version V11.1.2-h3 on affected RUGGEDCOM APE1808 devices
  • Review Siemens security advisory SSA-455250 for detailed technical guidance and additional affected product information
  • Apply defense-in-depth strategies for industrial control systems as recommended by CISA, including network segmentation and access controls
  • Monitor CISA ICS advisories for future updates to ICSA-24-102-04, which has been revised seven times since initial publication
  • Verify Libksba version on any systems processing CRL signatures and upgrade to version 1.6.3 or later where applicable
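The last action above asks operators to verify the Libksba version on any host that processes CRL signatures. The script below is an added example written for this debrief; it is not code from the advisory, CISA, Siemens or the Libksba project. It reports whether the installed library is at or above 1.6.3 (the upstream fix release named in the summary). The pkg-config module name `ksba`, the Debian/Ubuntu package name `libksba8` and the RPM package name `libksba` are assumptions about common distributions, and the version-comparison helper is the example's own.

```shell
#!/bin/sh
# Added example (not from the advisory, CISA or Siemens): check whether the
# libksba on this host is at or above 1.6.3, the upstream release that fixes
# CVE-2022-47629. Package names (libksba8 on Debian/Ubuntu, libksba on RPM
# systems) and the ksba.pc pkg-config module are assumptions about the
# distributions, not values taken from the advisory.

FIXED_VERSION="1.6.3"

# version_ge A B: exit 0 when dotted version A is >= B, 1 otherwise.
# Components are compared numerically, so 1.6.10 sorts above 1.6.3.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# normalize_version: strip a Debian epoch ("1:") and any packaging suffix
# ("-2", "+dfsg", "~rc1") so only the upstream dotted version remains.
# Caveat: a pre-release such as 1.6.3~rc1 is reduced to 1.6.3 and would be
# reported as fixed; review such builds by hand.
normalize_version() {
    printf '%s\n' "$1" | sed 's/^[0-9][0-9]*://; s/[-+~].*//'
}

# installed_libksba_version: print the installed version, trying pkg-config,
# then dpkg, then rpm. Exit 1 if none of them knows about libksba.
installed_libksba_version() {
    if command -v pkg-config >/dev/null 2>&1; then
        v=$(pkg-config --modversion ksba 2>/dev/null) && [ -n "$v" ] && { printf '%s\n' "$v"; return 0; }
    fi
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f '${Version}' libksba8 2>/dev/null) && [ -n "$v" ] && { printf '%s\n' "$v"; return 0; }
    fi
    if command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}' libksba 2>/dev/null) && [ -n "$v" ] && { printf '%s\n' "$v"; return 0; }
    fi
    return 1
}

# assess_version VERSION: print a verdict; exit 0 if fixed, 1 if still affected.
assess_version() {
    clean=$(normalize_version "$1")
    if version_ge "$clean" "$FIXED_VERSION"; then
        echo "libksba $1: at or above $FIXED_VERSION, CVE-2022-47629 fixed upstream"
        return 0
    fi
    echo "libksba $1: below $FIXED_VERSION, still affected by CVE-2022-47629"
    return 1
}

# check_libksba: end-to-end check for this host.
# Status: 0 fixed, 1 vulnerable, 2 libksba not found by any package tool.
check_libksba() {
    v=$(installed_libksba_version) || { echo "libksba: not found via pkg-config, dpkg or rpm"; return 2; }
    assess_version "$v"
}

# Run the check. The verdict is kept in LIBKSBA_STATUS rather than passed to
# `exit`, so this file can also be sourced from a larger audit script.
LIBKSBA_STATUS=0
check_libksba || LIBKSBA_STATUS=$?
```

Run it with `sh libksba_check.sh`; append `exit "$LIBKSBA_STATUS"` when the verdict should become the process exit code for a fleet-wide inventory job. Note that this checks the host's packaged library only: an appliance such as the RUGGEDCOM APE1808 or a statically linked binary can carry its own copy of Libksba that no package manager reports, which is why the advisory routes remediation through the vendor firmware upgrade.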

Evidence notes

Vulnerability description sourced from CISA CSAF advisory ICSA-24-102-04. Affected product (Siemens RUGGEDCOM APE1808) and vendor confirmed via CSAF product tree with high confidence. Remediation details extracted from CSAF remediations section. CVSS vector and score from source item metadata. Timeline derived from CSAF revision history and CVE published/modified dates.

Official resources

2024-04-09