SIEMEN’S RUGGEDCOM APE1808 devices are the focus of CISA’s ICS Advisory ICSA-26-071-02, released on 12 March 2026. The advisory notes Fortinet FortiOS vulnerabilities linked to Siemens Industrial products, with affected APE1808 versions listed as vers:all/* and CVEs including CVE-2025-55018, CVE-2025-62439 and CVE-2025-64157, plus CVE-2026-24858.
Affected products are described as known_affected, and the advisory provides vendor fixes and mitigations, including updating Fortigate NGFW to specific versions and referencing the Siemens advisory SSA-975644 for further details. The CVSS base scores range from 4.2 to 9.8 across the listed vulnerabilities, indicating medium to critical impact, and the mitigations repeatedly point to the SSA-975644 guidance in both HTML and CSAF formats.
For improved protection, CISA recommends minimising network exposure, isolating critical control networks behind firewalls, and using secure remote access methods, while urging affected organisations to consult Siemens’ ProductCERT notices for patch information. According to Siemens ProductCERT SSA-975644, the advisory is a republished CSAF-based notice to increase visibility.