{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de corrupci\u00f3n de memoria en el software PAN-OS de Palo Alto Networks permite que un atacante no autenticado bloquee PAN-OS debido a un paquete creado a trav\u00e9s del plano de datos, lo que genera una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Los intentos repetidos de activar esta condici\u00f3n har\u00e1n que PAN-OS entre en modo de mantenimiento."
    }
  ],
  "id": "CVE-2024-9468",
  "lastModified": "2024-10-10T12:51:56.987",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "YES",
          "Recovery": "USER",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "AMBER",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "CONCENTRATED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "LOW"
        },
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-09T17:15:20.637",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9468"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    }
  ]
}

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.\n\nSiemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks\u0027 upstream security notifications.\n\n[1] \nhttps://security.paloaltonetworks.com/",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html"
      },
      {
        "category": "self",
        "summary": "SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-364175.json"
      }
    ],
    "title": "SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1",
    "tracking": {
      "current_release_date": "2025-07-08T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-364175",
      "initial_release_date": "2024-07-09T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-07-09T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2024-08-13T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added newly published CVE-2024-5913 and CVE-2024-3596"
        },
        {
          "date": "2024-10-08T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added CVE-2023-48795, CVE-2024-3596, CVE-2024-5913 and fix version information for Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices"
        },
        {
          "date": "2024-11-12T00:00:00Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added newly published CVE-2024-9468 and CVE-2024-9471. Added CVSSv4.0 vector to CVE-2024-5913"
        },
        {
          "date": "2024-12-10T00:00:00Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added newly published CVE-2024-5920"
        },
        {
          "date": "2025-04-08T00:00:00Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added newly published CVE-2025-0114"
        },
        {
          "date": "2025-07-08T00:00:00Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Added newly published CVE-2025-4231"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM APE1808"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2024-3596",
      "cwe": {
        "id": "CWE-924",
        "name": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
      },
      "notes": [
        {
          "category": "summary",
          "text": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify responses Access-Reject or Access-Accept using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2024-3596"
    },
    {
      "cve": "CVE-2024-5913",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2024-5913"
    },
    {
      "cve": "CVE-2024-5920",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator\u0027s browser.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2024-5920"
    },
    {
      "cve": "CVE-2024-9468",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2024-9468"
    },
    {
      "cve": "CVE-2024-9471",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2024-9471"
    },
    {
      "cve": "CVE-2025-0114",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "3"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "3"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "3"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "3"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "3"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "3"
          ]
        }
      ],
      "title": "CVE-2025-0114"
    },
    {
      "cve": "CVE-2025-4231",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A command injection vulnerability in Palo Alto Networks PAN-OS\u00ae enables an authenticated administrative user to perform actions as the root user.\r\nThe attacker must have network access to the management web interface and successfully authenticate to exploit this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Exposure can be reduced by limiting access to the management interface to trusted internal IP addresses as described in \nPalo Alto Networks\u0027 Security Advisory",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2025-4231"
    }
  ]
}

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.\n\nSiemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks\u0027 upstream security notifications.\n\n[1] \nhttps://security.paloaltonetworks.com/",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html"
      },
      {
        "category": "self",
        "summary": "SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-364175.json"
      }
    ],
    "title": "SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1",
    "tracking": {
      "current_release_date": "2025-07-08T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-364175",
      "initial_release_date": "2024-07-09T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-07-09T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2024-08-13T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added newly published CVE-2024-5913 and CVE-2024-3596"
        },
        {
          "date": "2024-10-08T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added CVE-2023-48795, CVE-2024-3596, CVE-2024-5913 and fix version information for Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices"
        },
        {
          "date": "2024-11-12T00:00:00Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added newly published CVE-2024-9468 and CVE-2024-9471. Added CVSSv4.0 vector to CVE-2024-5913"
        },
        {
          "date": "2024-12-10T00:00:00Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added newly published CVE-2024-5920"
        },
        {
          "date": "2025-04-08T00:00:00Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added newly published CVE-2025-0114"
        },
        {
          "date": "2025-07-08T00:00:00Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Added newly published CVE-2025-4231"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM APE1808"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2024-3596",
      "cwe": {
        "id": "CWE-924",
        "name": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
      },
      "notes": [
        {
          "category": "summary",
          "text": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify responses Access-Reject or Access-Accept using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2024-3596"
    },
    {
      "cve": "CVE-2024-5913",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2024-5913"
    },
    {
      "cve": "CVE-2024-5920",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator\u0027s browser.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2024-5920"
    },
    {
      "cve": "CVE-2024-9468",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2024-9468"
    },
    {
      "cve": "CVE-2024-9471",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2024-9471"
    },
    {
      "cve": "CVE-2025-0114",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "3"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "3"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "3"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "3"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "3"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "3"
          ]
        }
      ],
      "title": "CVE-2025-0114"
    },
    {
      "cve": "CVE-2025-4231",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A command injection vulnerability in Palo Alto Networks PAN-OS\u00ae enables an authenticated administrative user to perform actions as the root user.\r\nThe attacker must have network access to the management web interface and successfully authenticate to exploit this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Exposure can be reduced by limiting access to the management interface to trusted internal IP addresses as described in \nPalo Alto Networks\u0027 Security Advisory",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2025-4231"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cortex XSOAR versions ant\u00e9rieures \u00e0 6.12.0 (Build 1271551)",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0 ant\u00e9rieures \u00e0 11.0.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.9-x ant\u00e9rieures \u00e0 10.2.9-h11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Expedition versions ant\u00e9rieures \u00e0 1.2.96",
      "product": {
        "name": "Expedition",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.2.5 sur Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.10-x ant\u00e9rieures \u00e0 10.2.10-h4",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions ant\u00e9rieures \u00e0 7.9.102-CE sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.4-x ant\u00e9rieures \u00e0 11.0.4-h5",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.4.x ant\u00e9rieures \u00e0 8.4.1 sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2 ant\u00e9rieures \u00e0 10.2.11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1 ant\u00e9rieures \u00e0 11.1.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 129.101.2913.3",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1 ant\u00e9rieures \u00e0 10.1.11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.1 sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-9468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9468"
    },
    {
      "name": "CVE-2024-8909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8909"
    },
    {
      "name": "CVE-2024-9603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9603"
    },
    {
      "name": "CVE-2024-8905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8905"
    },
    {
      "name": "CVE-2024-7025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7025"
    },
    {
      "name": "CVE-2024-8906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8906"
    },
    {
      "name": "CVE-2024-9123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9123"
    },
    {
      "name": "CVE-2024-8907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8907"
    },
    {
      "name": "CVE-2024-9469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9469"
    },
    {
      "name": "CVE-2024-9471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9471"
    },
    {
      "name": "CVE-2024-9370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9370"
    },
    {
      "name": "CVE-2024-9470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9470"
    },
    {
      "name": "CVE-2024-9463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9463"
    },
    {
      "name": "CVE-2024-9602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9602"
    },
    {
      "name": "CVE-2024-9467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9467"
    },
    {
      "name": "CVE-2024-9122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9122"
    },
    {
      "name": "CVE-2024-9464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9464"
    },
    {
      "name": "CVE-2024-9121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9121"
    },
    {
      "name": "CVE-2024-8904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8904"
    },
    {
      "name": "CVE-2024-9369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9369"
    },
    {
      "name": "CVE-2024-9120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9120"
    },
    {
      "name": "CVE-2024-9465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9465"
    },
    {
      "name": "CVE-2024-9466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9466"
    },
    {
      "name": "CVE-2024-9473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9473"
    },
    {
      "name": "CVE-2024-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8908"
    }
  ],
  "initial_release_date": "2024-10-10T00:00:00",
  "last_revision_date": "2024-10-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0859",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0010",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0011",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0011"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-23347",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9469"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks GPC-19493 et GPC-21211",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9473"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-244840",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9468"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-217511 et PAN-152631",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9471"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CRTX-105114",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9470"
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2024-9468"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-09T17:15:20Z",
    "severity": "HIGH"
  },
  "details": "A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.",
  "id": "GHSA-84mp-4xjv-gqwj",
  "modified": "2024-10-09T18:31:43Z",
  "published": "2024-10-09T18:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9468"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9468"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "PAN-OS ist das Betriebssystem der Sicherheitssysteme / Firewalls der Firma Palo Alto Networks.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in PaloAlto Networks PAN-OS ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren und sich erh\u00f6hte Rechte zu erlangen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3130 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3130.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3130 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3130"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisories vom 2024-10-09",
        "url": "https://security.paloaltonetworks.com/CVE-2024-9468"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisories vom 2024-10-09",
        "url": "https://security.paloaltonetworks.com/CVE-2024-9471"
      }
    ],
    "source_lang": "en-US",
    "title": "PaloAlto Networks PAN-OS: Mehrere Schwachstellen erm\u00f6glichen Denial of Service und Privilegieneskalation",
    "tracking": {
      "current_release_date": "2024-10-09T22:00:00.000+00:00",
      "generator": {
        "date": "2024-10-10T10:42:04.790+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3130",
      "initial_release_date": "2024-10-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.2.9-h11",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c10.2.9-h11",
                  "product_id": "T038191"
                }
              },
              {
                "category": "product_version",
                "name": "10.2.9-h11",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 10.2.9-h11",
                  "product_id": "T038191-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.9-h11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.2.10-h4",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c10.2.10-h4",
                  "product_id": "T038192"
                }
              },
              {
                "category": "product_version",
                "name": "10.2.10-h4",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 10.2.10-h4",
                  "product_id": "T038192-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.10-h4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.2.11",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c10.2.11",
                  "product_id": "T038193"
                }
              },
              {
                "category": "product_version",
                "name": "10.2.11",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 10.2.11",
                  "product_id": "T038193-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.4-h5",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c11.0.4-h5",
                  "product_id": "T038194"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.4-h5",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 11.0.4-h5",
                  "product_id": "T038194-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:11.0.4-h5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.6",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c11.0.6",
                  "product_id": "T038195"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.6",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 11.0.6",
                  "product_id": "T038195-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:11.0.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.1.3",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c11.1.3",
                  "product_id": "T038196"
                }
              },
              {
                "category": "product_version",
                "name": "11.1.3",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 11.1.3",
                  "product_id": "T038196-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:11.1.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.3",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c11.0.3",
                  "product_id": "T038197"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.3",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 11.0.3",
                  "product_id": "T038197-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:11.0.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.2.8",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c10.2.8",
                  "product_id": "T038198"
                }
              },
              {
                "category": "product_version",
                "name": "10.2.8",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 10.2.8",
                  "product_id": "T038198-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.1.11",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c10.1.11",
                  "product_id": "T038199"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.11",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 10.1.11",
                  "product_id": "T038199-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:10.1.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PAN-OS"
          }
        ],
        "category": "vendor",
        "name": "PaloAlto Networks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-9468",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in PaloAlto Networks PAN-OS. Dieser Fehler besteht aufgrund eines Speicherkorruptionsproblems, das zu einem Absturz des PAN-OS-Systems f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er speziell gestaltete Pakete \u00fcber die Datenebene sendet."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038195",
          "T038196",
          "T038197",
          "T038198",
          "T038191",
          "T038192",
          "T038193",
          "T038194",
          "T038199"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-9468"
    },
    {
      "cve": "CVE-2024-9471",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Palo Alto Networks PAN-OS innerhalb der XML-API. Ein entfernter, authentisierter Angreifer mit eingeschr\u00e4nkten Administratorrechten kann diese Schwachstelle ausnutzen, indem er einen kompromittierten XML-API-Schl\u00fcssel verwendet, um erweiterte Rechte zu erlangen, die \u00fcber das hinausgehen, was seine Rolle normalerweise erlaubt."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038197",
          "T038198",
          "T038199"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-9471"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "PAN-OS ist das Betriebssystem der Sicherheitssysteme / Firewalls der Firma Palo Alto Networks.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in PaloAlto Networks PAN-OS ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren und sich erh\u00f6hte Rechte zu erlangen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3130 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3130.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3130 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3130"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisories vom 2024-10-09",
        "url": "https://security.paloaltonetworks.com/CVE-2024-9468"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisories vom 2024-10-09",
        "url": "https://security.paloaltonetworks.com/CVE-2024-9471"
      }
    ],
    "source_lang": "en-US",
    "title": "PaloAlto Networks PAN-OS: Mehrere Schwachstellen erm\u00f6glichen Denial of Service und Privilegieneskalation",
    "tracking": {
      "current_release_date": "2024-10-09T22:00:00.000+00:00",
      "generator": {
        "date": "2024-10-10T10:42:04.790+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3130",
      "initial_release_date": "2024-10-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.2.9-h11",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c10.2.9-h11",
                  "product_id": "T038191"
                }
              },
              {
                "category": "product_version",
                "name": "10.2.9-h11",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 10.2.9-h11",
                  "product_id": "T038191-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.9-h11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.2.10-h4",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c10.2.10-h4",
                  "product_id": "T038192"
                }
              },
              {
                "category": "product_version",
                "name": "10.2.10-h4",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 10.2.10-h4",
                  "product_id": "T038192-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.10-h4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.2.11",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c10.2.11",
                  "product_id": "T038193"
                }
              },
              {
                "category": "product_version",
                "name": "10.2.11",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 10.2.11",
                  "product_id": "T038193-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.4-h5",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c11.0.4-h5",
                  "product_id": "T038194"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.4-h5",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 11.0.4-h5",
                  "product_id": "T038194-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:11.0.4-h5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.6",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c11.0.6",
                  "product_id": "T038195"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.6",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 11.0.6",
                  "product_id": "T038195-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:11.0.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.1.3",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c11.1.3",
                  "product_id": "T038196"
                }
              },
              {
                "category": "product_version",
                "name": "11.1.3",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 11.1.3",
                  "product_id": "T038196-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:11.1.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.3",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c11.0.3",
                  "product_id": "T038197"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.3",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 11.0.3",
                  "product_id": "T038197-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:11.0.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.2.8",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c10.2.8",
                  "product_id": "T038198"
                }
              },
              {
                "category": "product_version",
                "name": "10.2.8",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 10.2.8",
                  "product_id": "T038198-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.1.11",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c10.1.11",
                  "product_id": "T038199"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.11",
                "product": {
                  "name": "PaloAlto Networks PAN-OS 10.1.11",
                  "product_id": "T038199-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:10.1.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PAN-OS"
          }
        ],
        "category": "vendor",
        "name": "PaloAlto Networks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-9468",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in PaloAlto Networks PAN-OS. Dieser Fehler besteht aufgrund eines Speicherkorruptionsproblems, das zu einem Absturz des PAN-OS-Systems f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er speziell gestaltete Pakete \u00fcber die Datenebene sendet."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038195",
          "T038196",
          "T038197",
          "T038198",
          "T038191",
          "T038192",
          "T038193",
          "T038194",
          "T038199"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-9468"
    },
    {
      "cve": "CVE-2024-9471",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Palo Alto Networks PAN-OS innerhalb der XML-API. Ein entfernter, authentisierter Angreifer mit eingeschr\u00e4nkten Administratorrechten kann diese Schwachstelle ausnutzen, indem er einen kompromittierten XML-API-Schl\u00fcssel verwendet, um erweiterte Rechte zu erlangen, die \u00fcber das hinausgehen, was seine Rolle normalerweise erlaubt."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038197",
          "T038198",
          "T038199"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-9471"
    }
  ]
}

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Siemens ProductCERT",
        "summary": "reporting these vulnerabilities to CISA."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.\n\nSiemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks\u0027 upstream security notifications.\n\n[1] \nhttps://security.paloaltonetworks.com/",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "other",
        "text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-364175 from a direct conversion of their vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory.  Further, CISA does not endorse any commercial product or service.  Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
        "title": "Advisory Conversion Disclaimer"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-364175.json"
      },
      {
        "category": "self",
        "summary": "SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-193-11 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-193-11.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-193-11 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-11"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Siemens RUGGEDCOM APE 1808",
    "tracking": {
      "current_release_date": "2025-07-08T00:00:00.000000Z",
      "generator": {
        "date": "2025-07-10T15:44:54.101181Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-193-11",
      "initial_release_date": "2024-07-09T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-07-09T00:00:00.000000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2024-08-13T00:00:00.000000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added newly published CVE-2024-5913 and CVE-2024-3596"
        },
        {
          "date": "2024-10-08T00:00:00.000000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added CVE-2023-48795, CVE-2024-3596, CVE-2024-5913 and fix version information for Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices"
        },
        {
          "date": "2024-11-12T00:00:00.000000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added newly published CVE-2024-9468 and CVE-2024-9471. Added CVSSv4.0 vector to CVE-2024-5913"
        },
        {
          "date": "2024-12-10T00:00:00.000000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added newly published CVE-2024-5920"
        },
        {
          "date": "2025-04-08T00:00:00.000000Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added newly published CVE-2025-0114"
        },
        {
          "date": "2025-07-08T00:00:00.000000Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Added newly published CVE-2025-4231"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "CSAFPID-0001"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "CSAFPID-0002"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM APE1808"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2024-3596",
      "cwe": {
        "id": "CWE-924",
        "name": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
      },
      "notes": [
        {
          "category": "summary",
          "text": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify responses Access-Reject or Access-Accept using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2024-3596"
    },
    {
      "cve": "CVE-2024-5913",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2024-5913"
    },
    {
      "cve": "CVE-2024-5920",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator\u0027s browser.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2024-5920"
    },
    {
      "cve": "CVE-2024-9468",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2024-9468"
    },
    {
      "cve": "CVE-2024-9471",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2024-9471"
    },
    {
      "cve": "CVE-2025-0114",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0003"
          ]
        }
      ],
      "title": "CVE-2025-0114"
    },
    {
      "cve": "CVE-2025-4231",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A command injection vulnerability in Palo Alto Networks PAN-OS\u00ae enables an authenticated administrative user to perform actions as the root user.\r\nThe attacker must have network access to the management web interface and successfully authenticate to exploit this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Exposure can be reduced by limiting access to the management interface to trusted internal IP addresses as described in \nPalo Alto Networks\u0027 Security Advisory",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2025-4231"
    }
  ]
}

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Siemens ProductCERT",
        "summary": "reporting these vulnerabilities to CISA."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.\n\nSiemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks\u0027 upstream security notifications.\n\n[1] \nhttps://security.paloaltonetworks.com/",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "other",
        "text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-364175 from a direct conversion of their vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory.  Further, CISA does not endorse any commercial product or service.  Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
        "title": "Advisory Conversion Disclaimer"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-364175.json"
      },
      {
        "category": "self",
        "summary": "SSA-364175: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-193-11 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-193-11.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-193-11 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-11"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Siemens RUGGEDCOM APE 1808",
    "tracking": {
      "current_release_date": "2025-07-08T00:00:00.000000Z",
      "generator": {
        "date": "2025-07-10T15:44:54.101181Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-193-11",
      "initial_release_date": "2024-07-09T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-07-09T00:00:00.000000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2024-08-13T00:00:00.000000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added newly published CVE-2024-5913 and CVE-2024-3596"
        },
        {
          "date": "2024-10-08T00:00:00.000000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added CVE-2023-48795, CVE-2024-3596, CVE-2024-5913 and fix version information for Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices"
        },
        {
          "date": "2024-11-12T00:00:00.000000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added newly published CVE-2024-9468 and CVE-2024-9471. Added CVSSv4.0 vector to CVE-2024-5913"
        },
        {
          "date": "2024-12-10T00:00:00.000000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added newly published CVE-2024-5920"
        },
        {
          "date": "2025-04-08T00:00:00.000000Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added newly published CVE-2025-0114"
        },
        {
          "date": "2025-07-08T00:00:00.000000Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Added newly published CVE-2025-4231"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "CSAFPID-0001"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "CSAFPID-0002"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM APE1808"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2024-3596",
      "cwe": {
        "id": "CWE-924",
        "name": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
      },
      "notes": [
        {
          "category": "summary",
          "text": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify responses Access-Reject or Access-Accept using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2024-3596"
    },
    {
      "cve": "CVE-2024-5913",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2024-5913"
    },
    {
      "cve": "CVE-2024-5920",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator\u0027s browser.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2024-5920"
    },
    {
      "cve": "CVE-2024-9468",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2024-9468"
    },
    {
      "cve": "CVE-2024-9471",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with \"Virtual system administrator (read-only)\" access could use an XML API key of a \"Virtual system administrator\" to perform write operations on the virtual system configuration even though they should be limited to read-only operations.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2024-9471"
    },
    {
      "cve": "CVE-2025-0114",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0003"
          ]
        }
      ],
      "title": "CVE-2025-0114"
    },
    {
      "cve": "CVE-2025-4231",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A command injection vulnerability in Palo Alto Networks PAN-OS\u00ae enables an authenticated administrative user to perform actions as the root user.\r\nThe attacker must have network access to the management web interface and successfully authenticate to exploit this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Exposure can be reduced by limiting access to the management interface to trusted internal IP addresses as described in \nPalo Alto Networks\u0027 Security Advisory",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation https://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via management network or a dedicated VLAN)",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Con\ufb01gure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade Palo Alto Networks Virtual NGFW V11.1.4-h1. Contact customer support to receive patch and update information",
          "product_ids": [
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2025-4231"
    }
  ]
}