OTPulse

Siemens SCALANCE X-200 Web Hijack Vulnerability

Low Risk | ICS-CERT ICSA-13-254-01 | Jun 14, 2013
Summary

A web hijack vulnerability in Siemens SCALANCE X-200 industrial Ethernet switches allows an attacker with network access to the web management interface to take unauthorized administrative actions. The vulnerability affects all X-200 variants running firmware versions below 5.0.0. No patch is available from Siemens, and the vulnerability is not currently being actively exploited in the wild.

What this means
What could happen
An attacker could hijack the web interface of SCALANCE X-200 switches, potentially gaining administrative control and redirecting traffic or modifying network configurations that support critical plant communications.
Who's at risk
Water and electric utilities relying on SCALANCE X-200 managed industrial Ethernet switches for network infrastructure, particularly those using the web interface for switch administration or monitoring. All variants in the X-200 family running firmware below version 5.0.0 are affected.
How it could be exploited
An attacker with network access to the switch's web interface could exploit insufficient input validation to inject malicious content or hijack the web session, allowing them to take administrative actions on the switch without proper authentication or authorization checks.
Prerequisites
  • Network access to the web management interface of the SCALANCE X-200 switch (typically port 80/443)
  • No authentication bypass required; vulnerability allows session or input hijacking
Tags: remotely exploitable, no fix available, network-critical infrastructure affected, management interface exposure
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (16)
15 pending, 1 EOL

Product | Affected Versions | Fix Status
SCALANCE X-200 switch Machine-Readable Product Designation (MLFB): 6GK5224-0BA00-2AA3 | 6GK5224-0BA00-2AA3 | No fix yet
SCALANCE X-200 switch Machine-Readable Product Designation (MLFB): 6GK5216-0BA00-2AA3 | 6GK5216-0BA00-2AA3 | No fix yet
SCALANCE X-200 switch Machine-Readable Product Designation (MLFB): 6GK5212-2BB00-2AA3 | 6GK5212-2BB00-2AA3 | No fix yet
SCALANCE X-200 switch Machine-Readable Product Designation (MLFB): 6GK5212-2BC00-2AA3 | 6GK5212-2BC00-2AA3 | No fix yet
SCALANCE X-200 switch Machine-Readable Product Designation (MLFB): 6GK5208-0BA10-2AA3 | 6GK5208-0BA10-2AA3 | No fix yet

Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the web management interface of SCALANCE X-200 switches using firewall rules; only permit access from trusted engineering workstations or management networks
HARDENING: Disable the web interface on switches if not operationally required; configure management access only through secure, authenticated channels like SSH or SNMP with encryption
Mitigations - no patch available
SCALANCE X-200 switch family firmware <V5.0.0 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor and log all access attempts to switch web interfaces for suspicious activity
HARDENING: Implement network segmentation to isolate switch management traffic from general plant networks
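
An added example (not part of the advisory and not Siemens tooling): one way to check that the firewall workaround holds and to implement the access-monitoring control is to audit firewall or flow logs for connections to switch web interfaces from outside the trusted engineering range. The log format, all addresses and all names below are constructed assumptions.

```python
import ipaddress

# Assumed inventory, constructed for this example (not from the advisory).
SWITCH_MGMT = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}
TRUSTED_SOURCES = [ipaddress.ip_network("10.20.99.0/28")]  # engineering workstations
WEB_PORTS = {80, 443}  # web management interface ports named in the advisory

# Constructed sample flow log, one record per line: "timestamp src dst dport action"
SAMPLE_LOG = """\
2024-03-05T08:01:12Z 10.20.99.5 10.20.0.11 443 ALLOW
2024-03-05T08:03:40Z 10.30.4.17 10.20.0.11 80 ALLOW
2024-03-05T08:04:02Z 10.30.4.17 10.20.0.12 80 DENY
2024-03-05T08:05:55Z 10.20.99.6 10.20.0.12 22 ALLOW
malformed line
2024-03-05T08:09:31Z 192.0.2.44 10.20.0.12 443 ALLOW
"""

def is_trusted(src):
    """True if the source address is inside a trusted management network."""
    return any(src in net for net in TRUSTED_SOURCES)

def audit(log_text):
    """Return (ts, src, dst, port, severity) for untrusted web-interface access."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the assumed format
        ts, src_s, dst_s, port_s, action = parts
        try:
            src = ipaddress.ip_address(src_s)
            dst = ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            continue  # unparseable address or port
        if dst not in SWITCH_MGMT or port not in WEB_PORTS or is_trusted(src):
            continue
        # An ALLOW means the firewall rule is missing or too broad;
        # a DENY is a blocked attempt that is still worth reviewing.
        severity = "policy-gap" if action == "ALLOW" else "blocked-attempt"
        findings.append((ts, str(src), str(dst), port, severity))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

A "policy-gap" finding means the web interface was reachable from an untrusted source and the firewall rule needs tightening; a "blocked-attempt" finding shows the rule worked but the source should be investigated.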