OTPulse

Siemens SCALANCE X-300/X408 Switch Family DOS Vulnerabilities

Low Risk | ICS-CERT ICSA-15-020-01 | Oct 23, 2015
Summary

The SCALANCE X-300 and X408 switches contain denial-of-service vulnerabilities that can be triggered by crafted network packets. An attacker who can reach the switch on the network can cause it to become unresponsive, severing network connectivity for all connected devices. The vulnerabilities result from improper input validation (CWE-20) and path traversal handling (CWE-22) in the switch firmware.

What this means
What could happen
A crafted network packet could cause the SCALANCE X-300/X408 switches to become unresponsive, disrupting network connectivity in critical manufacturing, water, or utility environments where these industrial switches control communication between field devices and control centers.
Who's at risk
Water utilities, electric utilities, and manufacturing plants that use Siemens SCALANCE X-300 or X408 switches for industrial network infrastructure. These switches are commonly deployed in manufacturing execution systems, SCADA networks, and utility control networks where network availability is critical to safe operations.
How it could be exploited
An attacker with network access to the switch could send specially crafted packets that trigger a denial-of-service condition, rendering the switch unresponsive and severing network connectivity for all devices connected through it. This requires only network-level access and no authentication.
Prerequisites
  • Network access to the SCALANCE X-300 or X408 switch (same network segment or routable path)
  • Ability to send crafted network packets to the switch
  • No authentication or valid credentials required
remotely exploitable | no authentication required | no patch available | network infrastructure component (critical dependency)
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
SCALANCE X-300 switch family | <V4.0 | No fix (EOL)
SCALANCE X408 | <V4.0 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Implement network segmentation to limit direct access to SCALANCE switches from untrusted networks
  • HARDENING: Deploy firewall rules to restrict traffic to the switch to only authorized management and industrial control interfaces
  • WORKAROUND: Isolate affected SCALANCE switches on a protected industrial network segment
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor network traffic to the switches for anomalous or malformed packets