SSA-967325

Siemens Security Advisory by Siemens ProductCERT

SSA-967325: Multiple Vulnerabilities in Palo Alto Networks PAN-OS on RUGGEDCOM APE1808 Devices

Publication Date:	2026-05-12
Last Update:	2026-06-09
Current Version:	V1.1
CVSS v3.1 Base Score:	10.0
CVSS v4.0 Base Score:	9.3

SUMMARY

Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.

Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks' upstream security notifications.

[1] https://security.paloaltonetworks.com/

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
RUGGEDCOM APE1808	Show more details
RUGGEDCOM APE1808 All versions with Palo Alto Networks Virtual NGFW with User-ID™ Authentication Portal configured and interface management profile with response pages enabled affected by CVE-2026-0300	Contact customer support to receive patch and update information See further recommendations from section Mitigations
RUGGEDCOM APE1808 All versions with Palo Alto Networks Virtual NGFW affected by multiple CVEs CVE-2026-0256 CVE-2026-0261 CVE-2026-0262	Contact customer support to receive patch and update information See further recommendations from section Mitigations
RUGGEDCOM APE1808 All versions with Palo Alto Networks Virtual NGFW with GlobalProtect portal or gateway configured when authentication override cookies are enabled and a specific certificate configuration exists affected by CVE-2026-0257	Contact customer support to receive patch and update information See further recommendations from section Mitigations
RUGGEDCOM APE1808 All versions with Palo Alto Networks Virtual NGFW with a PAN-OS Site-to-Site VPN Gateway with IKEv2 configured affected by CVE-2026-0258	Contact customer support to receive patch and update information See further recommendations from section Mitigations
RUGGEDCOM APE1808 All versions with Palo Alto Networks Virtual NGFW with DNS Proxy enabled and a network proxy attached affected by CVE-2026-0264	Contact customer support to receive patch and update information See further recommendations from section Mitigations
RUGGEDCOM APE1808 All versions with Palo Alto Networks Virtual NGFW with Authentication Profile with CAS enabled and Authentication profile is attached to a login interface affected by CVE-2026-0265	Contact customer support to receive patch and update information See further recommendations from section Mitigations

MITIGATIONS

Siemens has identified the following specific mitigations that customers can apply to reduce the risk:

CVE-2026-0257

Use a dedicated certificate for Authentication Override cookies

Disable Authentication Override options (for generating and accepting cookies) in the GlobalProtect portal and gateway configuration

CVE-2026-0264

Disassociate DNS Proxy from externally accessible interfaces and configure DNS server with a RFC1918 or a public trusted IP address

Disable the DNS Proxy feature (Network > DNS Proxy) if it is not being used and configure DNS server with a RFC1918 or a public trusted IP address

CVE-2026-0300

Restrict access to the User-ID Authentication Portal to trusted internal IP addresses only

Disable Response Pages in the Interface Management Profile attached to every L3 interface in any zone where untrusted/internet traffic can ingress. Keep Response Pages enabled only on interfaces in trust/internal zones where legitimate users' browsers ingress

Disable User-ID™ Authentication Portal if not required

Product-specific remediations or mitigations can be found in the section Known Affected Products.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

RUGGEDCOM APE1808 is a powerful utility-grade application hosting platform that lets you deploy a range of commercially available applications for edge computing and cybersecurity in harsh, industrial environments.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2026-0256

A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface.

CVSS v3.1 Base Score	5.2
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N
CVSS v4.0 Base Score	6.9
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vulnerability CVE-2026-0257

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.

CVSS v3.1 Base Score	9.3
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CVSS v4.0 Base Score	7.8
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
CWE	CWE-565: Reliance on Cookies without Validation and Integrity Checking

Vulnerability CVE-2026-0258

A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition

CVSS v3.1 Base Score	8.2
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CVSS v4.0 Base Score	8.3
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
CWE	CWE-918: Server-Side Request Forgery (SSRF)

Vulnerability CVE-2026-0261

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI

CVSS v3.1 Base Score	7.2
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score	8.6
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE	CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Vulnerability CVE-2026-0262

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to a dataplane interface

CVSS v3.1 Base Score	7.5
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score	8.7
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE	CWE-754: Improper Check for Unusual or Exceptional Conditions

Vulnerability CVE-2026-0264

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only)

CVSS v3.1 Base Score	9.0
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS v4.0 Base Score	9.2
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
CWE	CWE-122: Heap-based Buffer Overflow

Vulnerability CVE-2026-0265

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled

CVSS v3.1 Base Score	9.8
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score	9.2
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE	CWE-347: Improper Verification of Cryptographic Signature

Vulnerability CVE-2026-0300

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

CVSS v3.1 Base Score	10.0
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS v4.0 Base Score	9.3
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
CWE	CWE-787: Out-of-bounds Write

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2026-05-12):	Publication Date
V1.1 (2026-06-09):	Added CVE-2026-0256, CVE-2026-0257, CVE-2026-0258, CVE-2026-0261, CVE-2026-0262, CVE-2026-0264 and CVE-2026-0265

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.