VDB
SSA-455250
SSA-455250
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens has released a new version of Palo Alto Networks Virtual NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks' upstream security notifications. [1] https://security.paloaltonetworks.com/
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RUGGEDCOM APE1808 |
Exploit Intelligence
- Security issues CVE-2025-31115: Threaded .xz decoder frees memory too early CVE-2024-47611: Argument injection on Windows CVE-2024-3094: liblzma backdoor CVE-2022-1271: xzgrep filename handling CVE-2020-22916: A bogus CVE (github-poc-repo)
- Security issues CVE-2025-31115: Threaded .xz decoder frees memory too early CVE-2024-47611: Argument injection on Windows CVE-2024-3094: liblzma backdoor CVE-2022-1271: xzgrep filename handling CVE-2020-22916: A bogus CVE (github-poc-repo)
- Security issues CVE-2025-31115: Threaded .xz decoder frees memory too early CVE-2024-47611: Argument injection on Windows CVE-2024-3094: liblzma backdoor CVE-2022-1271: xzgrep filename handling CVE-2020-22916: A bogus CVE (github-poc)
- Security issues CVE-2025-31115: Threaded .xz decoder frees memory too early CVE-2024-47611: Argument injection on Windows CVE-2024-3094: liblzma backdoor CVE-2022-1271: xzgrep filename handling CVE-2020-22916: A bogus CVE (github-poc)
- https://cert-portal.siemens.com/productcert/html/ssa-455250.html (circl)
- https://cert-portal.siemens.com/productcert/csaf/ssa-455250.json (circl)
- cve_rules.hpp (github-poc)
- packageScanner_test.cpp (github-poc)
- zephyr-crosstool-arm-grype.html (github-poc)
- zephyr-crosstool-arm-grype.html (github-poc)
…and 14 more exploits
Timeline
- Apr 9, 2024 CVE Published
- May 13, 2025 CVE Updated