OTPulse

Siemens Scalance S Multiple Security Vulnerabilities

Low Risk · ICS-CERT ICSA-12-102-05 · Jan 13, 2012
Summary

Siemens Scalance S network switches (models S602, S612, S613) Version 2 contain a stack buffer overflow vulnerability (CWE-121). The vulnerability allows an attacker with network access to send malformed packets that overflow the switch's memory, potentially enabling arbitrary code execution or denial of service. No vendor fix is available for these end-of-life product versions.

What this means
What could happen
An attacker with network access to Scalance S network switches could execute arbitrary code or cause the switch to fail, disrupting network connectivity for critical control systems in your facility.
Who's at risk
Water utilities and electric utilities operating Siemens Scalance S network switches (models S602, S612, S613) used to interconnect PLCs, RTUs, and engineering workstations in control network environments. These switches are commonly deployed as industrial Ethernet infrastructure in SCADA and DCS networks.
How it could be exploited
An attacker on the same network segment or with access to the switch management interface could send specially crafted packets that trigger a stack buffer overflow, allowing them to run arbitrary commands on the switch that could disable network connectivity or intercept traffic between PLCs and engineering workstations.
Prerequisites
  • Network access to the Scalance S switch (direct connection to a network segment it serves, or access to its management interface)
  • No authentication required to send malicious packets to trigger the buffer overflow
no patch available · remotely exploitable · affects industrial network infrastructure · could disrupt process visibility and control
Exploitability
Moderate exploit probability (EPSS 1.5%)
Affected products (3) · 3 EOL

Product              Affected Versions   Fix Status
Scalance S602: V2    V2                  No fix (EOL)
Scalance S612: V2    V2                  No fix (EOL)
Scalance S613: V2    V2                  No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate Scalance S602, S612, and S613 switches on separate VLANs and restrict network access using firewall rules to only authorized engineering workstations and control devices
  • WORKAROUND: Disable remote management access on Scalance S switches if not required for operations; use only console (serial) access from a physically secured workstation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor network traffic to these switches for suspicious packets or unexpected commands that could indicate exploitation attempts
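The two network-side controls above (restrict who may reach the switches, then watch what still reaches them) can be checked with a small allowlist monitor. The script below is an added example written for this page, not code from OTPulse or Siemens; the switch addresses, the engineering-workstation subnet, the 1500-byte payload ceiling and the flow-record format are all constructed assumptions you would replace with your own site values. It parses flow records of the form "src dst dport bytes" (as a span port or NetFlow export might produce) and raises an alert when a host outside the authorized management subnet talks to a Scalance S address, or when a flow carries an unusually large payload, which is the kind of malformed traffic the advisory describes.

```python
"""Added example: allowlist monitoring of traffic aimed at Scalance S devices.

Constructed assumptions (not from the advisory):
- SCALANCE_ADDRS and AUTHORIZED_MGMT describe a hypothetical site layout.
- MAX_PAYLOAD is an assumed ceiling; anything above a normal Ethernet frame
  toward the switch itself is treated as suspicious.
- Flow records are plain lines: "src dst dport bytes".
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Hypothetical management addresses of the three affected switches.
SCALANCE_ADDRS = {
    "10.10.1.2": "Scalance S602",
    "10.10.1.3": "Scalance S612",
    "10.10.1.4": "Scalance S613",
}
# Hypothetical VLAN holding the authorized engineering workstations.
AUTHORIZED_MGMT = ip_network("10.10.5.0/24")
# Assumed ceiling on bytes in one flow toward a switch address.
MAX_PAYLOAD = 1500


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    payload_len: int


def classify(flow: Flow) -> Optional[str]:
    """Return an alert reason for a flow aimed at a Scalance S, or None if benign."""
    if flow.dst not in SCALANCE_ADDRS:
        return None  # not addressed to a switch itself; not this monitor's concern
    if ip_address(flow.src) not in AUTHORIZED_MGMT:
        return "unauthorized source"  # violates the VLAN/firewall allowlist
    if flow.payload_len > MAX_PAYLOAD:
        return "oversized payload"  # possible malformed packet toward the switch
    return None


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record: 'src dst dport bytes'."""
    src, dst, dport, nbytes = line.split()
    return Flow(src, dst, int(dport), int(nbytes))


def scan(lines) -> List[Tuple[str, str, str]]:
    """Run classify() over flow records; return (src, device, reason) alerts."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        reason = classify(flow)
        if reason:
            alerts.append((flow.src, SCALANCE_ADDRS[flow.dst], reason))
    return alerts


# Constructed sample records, one per line: src dst dport bytes
SAMPLE_FLOWS = """\
# engineering workstation managing S602: allowed
10.10.5.20 10.10.1.2 443 612
# host on the control segment reaching the S612 management address: not allowed
10.10.1.50 10.10.1.3 443 240
# authorized workstation, but an abnormally large flow toward S613
10.10.5.21 10.10.1.4 443 9000
# traffic to some other device on the segment: ignored
10.10.5.22 10.10.1.9 443 100
"""

if __name__ == "__main__":
    for src, device, reason in scan(SAMPLE_FLOWS.splitlines()):
        print(f"ALERT {device}: {reason} from {src}")
```

Run as-is it reports two alerts from the constructed sample: the control-segment host contacting the S612 address, and the oversized flow toward the S613. Feed it your own exported flow lines on stdin or from a file, and tune AUTHORIZED_MGMT so that only the workstations your firewall rules already permit are listed; any alert then points at either a gap in the isolation rules or a host probing the switch.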
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Scalance S602: V2, Scalance S612: V2, Scalance S613: V2. Apply the following compensating controls:
  • HARDENING: Plan migration to a newer Siemens Scalance S product line that includes security updates