{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.\n\nSiemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks' upstream security notifications.\n\n[1] https://security.paloaltonetworks.com/",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-967325: Multiple Vulnerabilities in Palo Alto Networks PAN-OS on RUGGEDCOM APE1808 Devices - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-967325.html"
      },
      {
        "category": "self",
        "summary": "SSA-967325: Multiple Vulnerabilities in Palo Alto Networks PAN-OS on RUGGEDCOM APE1808 Devices - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-967325.json"
      }
    ],
    "title": "SSA-967325: Multiple Vulnerabilities in Palo Alto Networks PAN-OS on RUGGEDCOM APE1808 Devices",
    "tracking": {
      "current_release_date": "2026-06-09T00:00:00.000Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-967325",
      "initial_release_date": "2026-05-12T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-05-12T00:00:00.000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2026-06-09T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added CVE-2026-0256, CVE-2026-0257, CVE-2026-0258, CVE-2026-0261, CVE-2026-0262, CVE-2026-0264 and CVE-2026-0265"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "4"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "5"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "6"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM APE1808"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-0256",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS\u00ae software enables a malicious authenticated administrator to store a JavaScript payload using the web interface.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2026-0256"
    },
    {
      "cve": "CVE-2026-0257",
      "cwe": {
        "id": "CWE-565",
        "name": "Reliance on Cookies without Validation and Integrity Checking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS\u00ae software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "3"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable Authentication Override options (for generating and accepting cookies) in the GlobalProtect portal and gateway configuration",
          "product_ids": [
            "3"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use a dedicated certificate for Authentication Override cookies",
          "product_ids": [
            "3"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Contact customer support to receive patch and update information",
          "product_ids": [
            "3"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "3"
          ]
        }
      ],
      "title": "CVE-2026-0257"
    },
    {
      "cve": "CVE-2026-0258",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS\u00ae software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "4"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Contact customer support to receive patch and update information",
          "product_ids": [
            "4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "4"
          ]
        }
      ],
      "title": "CVE-2026-0258"
    },
    {
      "cve": "CVE-2026-0261",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS\u00ae software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2026-0261"
    },
    {
      "cve": "CVE-2026-0262",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS\u00ae software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to a dataplane interface",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Contact customer support to receive patch and update information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2026-0262"
    },
    {
      "cve": "CVE-2026-0264",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS\u00ae Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "5"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable the DNS Proxy feature (Network > DNS Proxy) if it is not being used and configure DNS server with a RFC1918 or a public trusted IP address",
          "product_ids": [
            "5"
          ]
        },
        {
          "category": "mitigation",
          "details": "Disassociate DNS Proxy from externally accessible interfaces  and configure DNS server with a RFC1918 or a public trusted IP address",
          "product_ids": [
            "5"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Contact customer support to receive patch and update information",
          "product_ids": [
            "5"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "5"
          ]
        }
      ],
      "title": "CVE-2026-0264"
    },
    {
      "cve": "CVE-2026-0265",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An authentication bypass vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "6"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Contact customer support to receive patch and update information",
          "product_ids": [
            "6"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "6"
          ]
        }
      ],
      "title": "CVE-2026-0265"
    },
    {
      "cve": "CVE-2026-0300",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A buffer overflow vulnerability in the User-ID\u2122 Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable Response Pages in the Interface Management Profile attached to every L3 interface in any zone where untrusted/internet traffic can ingress. Keep Response Pages enabled only on interfaces in trust/internal zones where legitimate users' browsers ingress",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Disable User-ID\u2122 Authentication Portal if not required",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict access to the User-ID Authentication Portal to trusted internal IP addresses only",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Contact customer support to receive patch and update information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2026-0300"
    }
  ]
}