PatchSiren cyber security CVE debrief
CVE-2024-46665 Siemens CVE debrief
CVE-2024-46665 is a low-severity information disclosure issue affecting Siemens RUGGEDCOM APE1808. According to the supplied CISA/Siemens advisory corpus, an attacker in a man-in-the-middle position may be able to recover the RADIUS accounting server shared secret by intercepting accounting-requests. The advisory was published on 2025-02-11 and republished/updated on 2026-03-12. No CISA KEV listing is present in the supplied data.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: LOW 3.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-11
- Original CVE updated: 2026-03-12
- Advisory published: 2025-02-11
- Advisory updated: 2026-03-12
Who should care
Siemens RUGGEDCOM APE1808 operators, OT network administrators, and security teams responsible for environments that use RADIUS accounting across potentially interceptable network paths.
Technical summary
The advisory maps CVE-2024-46665 to CWE-201 (insertion of sensitive information into sent data). The supplied CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N, reflecting a network-reachable confidentiality issue that requires a man-in-the-middle position and does not impact integrity or availability. The risk centers on exposure of the RADIUS accounting server shared secret from intercepted accounting traffic.
Defensive priority
Low overall, but worth prompt verification in OT environments that rely on RADIUS accounting and have weaker segmentation or untrusted transit paths.
Recommended defensive actions
- Confirm whether Siemens RUGGEDCOM APE1808 devices in your environment are running affected versions and using RADIUS accounting.
- Follow the Siemens/CISA advisory guidance for remediation; the supplied corpus says to update to the vendor-provided fix and to contact customer support for patch and update information.
- Review network segmentation and other defense-in-depth controls around accounting and management traffic paths, using CISA industrial control system recommended practices as a baseline.
- After remediation, validate that credential- or secret-bearing traffic is not exposed to passive interception on intermediate network segments.
Evidence notes
The supplied CISA CSAF advisory (ICSA-25-044-06) identifies Siemens RUGGEDCOM APE1808 as the affected product and includes the published/modified dates used here: 2025-02-11 and 2026-03-12. The corpus also includes Siemens ProductCERT references, the CISA advisory page, the official CVE record, CWE-201, and the CVSS calculator link. One notable source inconsistency is that the vulnerability description text names FortiOS/FortiGate even though the advisory title and affected product are Siemens RUGGEDCOM APE1808; this debrief preserves that discrepancy rather than resolving it without additional evidence.
Official resources
- CVE-2024-46665 CVE record (CVE.org)
- CVE-2024-46665 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the CISA CSAF advisory on 2025-02-11 and republished/updated on 2026-03-12. The supplied data does not list this CVE in CISA KEV.