PatchSiren cyber security CVE debrief
CVE-2025-4619 Siemens CVE debrief
A denial-of-service vulnerability in Palo Alto Networks PAN-OS software, as deployed on Siemens RUGGEDCOM APE1808 devices, enables unauthenticated attackers to reboot the firewall via a specially crafted dataplane packet. Repeated exploitation can force the device into maintenance mode, causing sustained service disruption. CISA advisory ICSA-24-193-11 was published on 2024-07-09, and this CVE was added to it in Revision 7 on 2026-01-13. Siemens has published a vendor security advisory (SSA-364175) with remediation guidance.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-09
- Original CVE updated: 2026-01-14
- Advisory published: 2024-07-09
- Advisory updated: 2026-01-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW deployments, particularly in critical infrastructure and industrial control system environments where firewall availability is essential for network segmentation and security enforcement.
Technical summary
The vulnerability exists in Palo Alto Networks PAN-OS software running on Siemens RUGGEDCOM APE1808 industrial networking devices. An unauthenticated attacker can send a specially crafted packet through the dataplane to trigger a firewall reboot. Repeated successful attacks cause the firewall to enter maintenance mode, resulting in persistent denial of service. The CVSS 3.1 score of 7.5 (HIGH) reflects network attack vector, low attack complexity, no required privileges or user interaction, and high availability impact with no confidentiality or integrity impact.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor fix: Upgrade Palo Alto Networks Virtual NGFW to version V11.1.4-h1 on affected RUGGEDCOM APE1808 devices; contact customer support for patch and update information
- Implement network segmentation: Restrict access to networks where RADIUS messages are exchanged, using management networks or dedicated VLANs
- Configure RADIUS security: Require Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it
- Review SSH configuration: Ensure in-use SSH profiles contain at least one cipher and one MAC algorithm, removing support for CHACHA20-POLY1305 and Encrypt-then-MAC algorithms
- Monitor for anomalous reboot patterns and maintenance mode entries that may indicate exploitation attempts
Evidence notes
The vulnerability description and remediation details are sourced from CISA CSAF advisory ICSA-24-193-11, which republishes Siemens ProductCERT advisory SSA-364175. The advisory was initially published on 2024-07-09 and most recently modified on 2026-01-14. The CVE was added to this advisory in Revision 7 dated 2026-01-13.
Official resources
- CVE-2025-4619 CVE record (CVE.org)
- CVE-2025-4619 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-07-09