PatchSiren cyber security CVE debrief
CVE-2025-40887 Siemens CVE debrief
A SQL injection vulnerability in the Alert functionality of Siemens RUGGEDCOM APE1808 allows authenticated users with limited privileges to execute arbitrary SELECT statements against the application's database, potentially exposing unauthorized data. The vulnerability stems from improper input validation on an Alert-related parameter. This is a network-accessible vulnerability requiring low privileges but is rated medium severity due to high attack complexity. The issue was initially disclosed on August 12, 2025, and subsequently incorporated into a broader Siemens security advisory (SSA-978177) that was republished by CISA on January 14, 2026. A vendor fix is available requiring upgrade to Nozomi Guardian/CMC V25.4.0, with CLI-based upgrade recommended over web GUI.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-01-14
- Advisory published: 2025-08-12
- Advisory updated: 2026-01-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 industrial networking equipment, particularly in critical infrastructure environments. Security teams responsible for OT/ICS asset protection, database administrators managing backend systems for industrial applications, and compliance officers tracking CVE remediation for regulatory frameworks.
Technical summary
The vulnerability exists in the Alert functionality where an input parameter lacks proper validation, permitting SQL injection. An authenticated attacker with limited privileges can craft malicious input to execute arbitrary SELECT statements against the backend DBMS. This is a read-only injection vector (no INSERT/UPDATE/DELETE indicated) limiting immediate integrity impact, but enabling unauthorized data exfiltration. The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) reflects network accessibility, high attack complexity, low privilege requirements, and high confidentiality impact with no integrity or availability impact. The affected product is the Siemens RUGGEDCOM APE1808 industrial networking platform. Remediation requires upgrading to Nozomi Guardian/CMC V25.4.0, with CLI-based upgrade recommended due to potential web GUI errors during the process.
Defensive priority
medium
Recommended defensive actions
- Apply vendor fix by upgrading Nozomi Guardian/CMC to V25.4.0 using CLI rather than web GUI to avoid potential errors
- Implement internal firewall rules to restrict access to the web management interface
- Review and audit all accounts with web management access, removing unnecessary accounts
- Contact Siemens customer support to obtain specific patch and update information for your environment
- Monitor database query logs for anomalous SELECT statements that may indicate exploitation attempts
Evidence notes
Vulnerability description and remediation details sourced from CISA CSAF advisory ICSA-25-226-09, which republishes Siemens ProductCERT advisory SSA-978177. CVSS vector confirms network attack vector with high complexity and low privilege requirements. Vendor fix specifies upgrade to V25.4.0 with CLI recommendation.
Official resources
- CVE-2025-40887 CVE record (CVE.org)
- CVE-2025-40887 NVD detail (NVD)
- Source item URL (cisa_csaf)