OTPulse

Siemens Scalance X Buffer Overflow Vulnerability

Low Risk | ICS-CERT ICSA-12-102-04 | Jan 13, 2012
Summary

A buffer overflow vulnerability exists in Siemens Scalance X industrial Ethernet switches that affects all versions of the X414-3E, X308-2M, X-300EEC, XR-300, and X-300 models. The vulnerability is due to improper bounds checking in network packet processing. No vendor patches are available.

What this means
What could happen
A buffer overflow in Siemens Scalance X industrial switches could allow an attacker with network access to crash the switch or execute arbitrary code, disrupting network connectivity to your field devices, RTUs, or PLCs.
Who's at risk
Water authorities and electric utilities using Siemens Scalance X industrial Ethernet switches (including X414-3E, X308-2M, X-300EEC, XR-300, and X-300 models) for operational networks should assess their exposure. These switches are typically used to carry critical control and SCADA traffic between field devices and control centers.
How it could be exploited
An attacker with network connectivity to a Scalance X switch could send a malformed packet or command that exceeds the buffer boundaries. If successful, this could crash the device or potentially execute code on the switch to alter its behavior or take it offline.
Prerequisites
  • Network access to the Siemens Scalance X switch via Ethernet
  • No authentication required (unknown if authentication is bypassed or not needed)
Tags: remotely exploitable, no patch available, buffer overflow in network device
Exploitability
Moderate exploit probability (EPSS 2.7%)
Affected products (5), 5 EOL
Product | Affected Versions | Fix Status
Scalance X414-3E: vers:all/* | All versions | No fix (EOL)
Scalance X308-2M: vers:all/* | All versions | No fix (EOL)
Scalance X-300EEC: vers:all/* | All versions | No fix (EOL)
Scalance X-300: vers:all/* | All versions | No fix (EOL)
Scalance XR-300: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate affected Scalance X switches from untrusted networks using network segmentation and firewalls; permit only necessary management and operational traffic
  • HARDENING: Implement network access controls to restrict which devices can communicate with Scalance X switches
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Scalance X414-3E: vers:all/*, Scalance X308-2M: vers:all/*, Scalance X-300EEC: vers:all/*, Scalance X-300: vers:all/*, Scalance XR-300: vers:all/*. Apply the following compensating controls:
  • HARDENING: Monitor Scalance X switches for unexpected crashes, reboots, or unusual network behavior
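
One way to act on the monitoring control above, as an added example that is not part of the advisory or any vendor tooling: flag switch restarts from periodic SNMP sysUpTime.0 polls while not mistaking the 32-bit counter rollover for a reboot. It assumes the switches are already polled over SNMP; the switch names, sample values and the 30-second tolerance are constructed for illustration.

```python
WRAP = 2 ** 32        # sysUpTime is a 32-bit TimeTicks counter
TICKS_PER_SEC = 100   # TimeTicks are hundredths of a second
TOLERANCE_S = 30      # assumed slack for poll jitter and clock drift


def classify(prev, cur):
    """Compare two (epoch_seconds, sysuptime_ticks) polls of one switch."""
    (t0, up0), (t1, up1) = prev, cur
    elapsed_ticks = (t1 - t0) * TICKS_PER_SEC
    slack = TOLERANCE_S * TICKS_PER_SEC
    expected = up0 + elapsed_ticks
    # Distance between observed and predicted uptime, modulo the counter size.
    diff = (up1 - expected) % WRAP
    if min(diff, WRAP - diff) <= slack:
        # Counter advanced as predicted; a lower value means it rolled over
        # (about every 497 days), which is not a restart.
        return "wrap" if up1 < up0 else "ok"
    if up1 <= elapsed_ticks + slack:
        # Uptime is shorter than the time since the last poll: it restarted.
        return "reboot"
    return "inconsistent"   # e.g. clock step on the poller; review manually


def find_reboots(polls):
    """polls: {switch_name: [(epoch_seconds, sysuptime_ticks), ...]}.

    Returns [(switch_name, estimated_boot_epoch)] for every restart seen.
    """
    events = []
    for name, samples in sorted(polls.items()):
        samples = sorted(samples)
        for prev, cur in zip(samples, samples[1:]):
            if classify(prev, cur) == "reboot":
                t1, up1 = cur
                events.append((name, t1 - up1 // TICKS_PER_SEC))
    return events


# Constructed sample data: switch names and values are made up.
SAMPLE_POLLS = {
    "scalance-a": [(1000, 500_000), (1300, 530_000), (1600, 12_000)],
    "scalance-b": [(1000, WRAP - 10_000), (1300, 20_000)],
}

if __name__ == "__main__":
    for name, boot in find_reboots(SAMPLE_POLLS):
        print(f"{name}: restarted at about epoch {boot}")
```

Restarts found this way still need correlating with planned maintenance windows before being treated as unexpected.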