PatchSiren cyber security CVE debrief
CVE-2023-50176 Siemens CVE debrief
A session fixation vulnerability in Fortinet FortiOS affects Siemens RUGGEDCOM APE1808 deployments that incorporate Fortinet NGFW components. The vulnerability exists in FortiOS versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, and 7.0.0 through 7.0.13. An attacker can exploit this weakness by delivering a phishing link that leverages SAML authentication to hijack a user's session, potentially enabling execution of unauthorized code or commands. The attack requires user interaction and network access but does not require authentication or elevated privileges. Siemens has addressed this upstream vulnerability in the RUGGEDCOM APE1808 product line by releasing a fix that updates the Fortigate NGFW component to version 7.4.4. Organizations should contact Siemens customer support to obtain patch and update information. The vulnerability was published on July 9, 2024, and was subsequently added to the CISA ICS advisory in December 2024 as part of ongoing tracking of upstream component vulnerabilities affecting industrial control systems.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-09
- Original CVE updated: 2026-01-14
- Advisory published: 2024-07-09
- Advisory updated: 2026-01-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 platforms with Fortinet NGFW components, industrial control system administrators, security teams responsible for OT/ICS environments, and personnel managing SAML-based single sign-on implementations in critical infrastructure settings.
Technical summary
The vulnerability stems from improper session handling in Fortinet FortiOS SAML authentication implementations. When a user clicks a crafted phishing link, an attacker can fixate or hijack the authentication session, bypassing normal security controls. The attack complexity is rated high due to the need for user interaction and specific timing conditions, but successful exploitation yields complete system compromise with high impact to confidentiality, integrity, and availability. The fix involves updating the Fortigate NGFW component to version 7.4.4, which properly validates and protects SAML authentication sessions.
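As an added illustration (not FortiOS code and not part of the advisory), the Python below models a service-provider SAML assertion consumer that keeps whatever session id the request arrived with, beside a hardened version that only accepts responses to AuthnRequests it issued and rotates the session id once the assertion is accepted. The session store, assertion dict and planted session id are constructed stand-ins.

```python
import secrets

# Constructed toy model of an SP-side SAML assertion consumer; not FortiOS code.
# A session store is a dict: session id -> {"user": ..., "authenticated": bool}.

def acs_vulnerable(store, presented_sid, assertion):
    """Trust the session id the request carried (e.g. one embedded in a crafted
    link) and promote that same id to an authenticated session."""
    sess = store.setdefault(presented_sid, {"user": None, "authenticated": False})
    sess.update(user=assertion["subject"], authenticated=True)
    return presented_sid

def acs_hardened(store, presented_sid, assertion, issued_request_ids):
    """Reject unsolicited responses and rotate the session id on login, so an id
    planted before authentication never becomes an authenticated session."""
    req_id = assertion.get("in_response_to")
    if req_id not in issued_request_ids:
        return None                      # not a reply to an AuthnRequest this SP issued
    issued_request_ids.discard(req_id)   # each request id is accepted once
    store.pop(presented_sid, None)       # drop the pre-authentication session entirely
    new_sid = secrets.token_hex(16)      # fresh, unguessable id unknown to the link author
    store[new_sid] = {"user": assertion["subject"], "authenticated": True}
    return new_sid

def attacker_holds_session(store, planted_sid):
    """Would whoever chose planted_sid now hold an authenticated session?"""
    sess = store.get(planted_sid)
    return bool(sess and sess["authenticated"])

def demo():
    planted = "sid-chosen-by-link-author"                          # constructed value
    assertion = {"subject": "alice", "in_response_to": "req-42"}   # constructed value
    vuln, hard = {}, {}
    acs_vulnerable(vuln, planted, assertion)
    new_sid = acs_hardened(hard, planted, assertion, {"req-42"})
    return (attacker_holds_session(vuln, planted),   # True: fixation succeeded
            attacker_holds_session(hard, planted),   # False: planted id discarded
            hard[new_sid]["user"])                   # "alice" lives under the rotated id
```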
Defensive priority
high
Recommended defensive actions
- Contact Siemens customer support to obtain the Fortigate NGFW V7.4.4 patch for RUGGEDCOM APE1808 systems
- Review SAML authentication configurations and implement additional verification controls where possible
- Train users to recognize and report phishing attempts targeting authentication workflows
- Monitor for anomalous session behavior and unauthorized administrative actions on affected systems
- Apply network segmentation to limit exposure of SAML authentication endpoints
- Review CISA ICS recommended practices for defense-in-depth strategies applicable to industrial control environments
Evidence notes
The CVE description identifies this as a session fixation vulnerability in Fortinet FortiOS affecting multiple version branches. The CISA CSAF advisory ICSA-24-193-02 documents this as an upstream vulnerability affecting Siemens RUGGEDCOM APE1808, with remediation requiring update to Fortigate NGFW V7.4.4. The CVSS vector indicates network attack vector, high attack complexity, no privileges required, user interaction required, and high impacts to confidentiality, integrity, and availability.
Official resources
- CVE-2023-50176 CVE record (CVE.org)
- CVE-2023-50176 NVD detail (NVD)
- Source item URL (cisa_csaf)