PatchSiren

CVE-2025-40886 Siemens CVE debrief

A SQL injection vulnerability exists in the Alert functionality of Siemens RUGGEDCOM APE1808. An authenticated attacker with limited privileges can execute arbitrary SQL statements against the backend database, potentially leading to unauthorized data exposure, data modification, or availability impacts. The vulnerability stems from improper input validation on an Alert-related parameter. The issue was disclosed on August 12, 2025, and carries a CVSS score of 7.5 (HIGH). A vendor fix is available and requires upgrading to Nozomi Guardian/CMC V25.4.0; a CLI-based upgrade is recommended because the Web GUI may produce errors during the process.

Vendor: Siemens
Product: RUGGEDCOM APE1808
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-01-14
Advisory published: 2025-08-12
Advisory updated: 2026-01-14

Who should care

  • Organizations operating Siemens RUGGEDCOM APE1808 industrial networking equipment, particularly those using Nozomi Guardian/CMC for monitoring.
  • Critical infrastructure operators in energy, transportation, and manufacturing sectors where RUGGEDCOM devices are deployed.
  • Security teams responsible for OT/ICS asset protection and database integrity.

Technical summary

The Alert functionality in Siemens RUGGEDCOM APE1808 fails to properly validate an input parameter, enabling SQL injection. An authenticated user with limited privileges can inject arbitrary SQL into database queries. This allows read access to unauthorized data, modification of database structure and content, and potential availability impacts on the DBMS. The attack vector is the network, attack complexity is high, and low-privileged authenticated access is required. CVSS 3.1: 7.5 (HIGH).

Defensive priority

HIGH

Recommended defensive actions

  • Apply vendor fix: upgrade Nozomi Guardian/CMC to V25.4.0 using CLI (Web GUI may error during upgrade). Contact Siemens customer support for patch and update information.
  • Restrict network access to the web management interface using internal firewall features.
  • Review and audit all accounts with web management interface access; remove unnecessary accounts.
  • Monitor database query logs for anomalous SQL execution patterns from authenticated sessions.
  • Implement defense-in-depth controls per CISA ICS recommended practices for industrial control systems.

Evidence notes

CVE published 2025-08-12; modified 2026-01-14. CISA CSAF advisory ICSA-25-226-09 republished Siemens ProductCERT SSA-978177. Affected product: RUGGEDCOM APE1808. CVSS 3.1 vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.
