PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-3719 Siemens CVE debrief

An access control vulnerability in the CLI functionality of Siemens RUGGEDCOM APE1808 allows authenticated users with limited privileges to bypass intended restrictions and execute administrative commands. This improper authorization flaw, published 2025-08-12, enables privilege escalation over the network and requires only low-privileged authentication. The vulnerability is rated HIGH severity (CVSS 8.1) with significant potential impact on integrity and availability, as attackers can alter device configurations or disrupt operations. The affected product is an industrial networking device commonly deployed in critical infrastructure environments. Remediation requires upgrading to Nozomi Guardian/CMC V25.4.0; a CLI-based upgrade is recommended because the Web GUI may produce errors during the process.

Vendor: Siemens
Product: RUGGEDCOM APE1808
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-01-14
Advisory published: 2025-08-12
Advisory updated: 2026-01-14

Who should care

Organizations operating Siemens RUGGEDCOM APE1808 devices in industrial and critical infrastructure environments, particularly those with multi-user CLI access configurations. Security teams responsible for ICS/OT network segmentation and access control should prioritize this vulnerability due to its HIGH severity and potential for operational disruption.

Technical summary

The vulnerability exists in the command-line interface (CLI) functionality, where a specific access restriction is not properly enforced for users with limited privileges. Authentication is required, but once authenticated, low-privilege users can issue administrative CLI commands that should be restricted. The attack vector is network-accessible with low attack complexity. The vulnerability has no confidentiality impact but high integrity and availability impact, as attackers can modify device configurations or affect system availability. The fix is an upgrade to Nozomi Guardian/CMC V25.4.0; obtaining the patch requires contacting vendor support.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Nozomi Guardian/CMC to V25.4.0 using the CLI method, because the Web GUI may produce errors during the upgrade process
  • Implement internal firewall rules to restrict access to the web management interface
  • Audit and remove unnecessary accounts with web management interface access
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance
  • Monitor CLI access logs for unauthorized administrative command execution by non-privileged accounts

Evidence notes

CVE description and CISA CSAF advisory ICSA-25-226-09 confirm CLI access control bypass allowing limited-privilege users to execute administrative commands. CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H sourced from advisory. Vendor fix specified as upgrade to V25.4.0 with CLI upgrade method recommended.

Official resources

2025-08-12