Siemens SCALANCE X-200IRT Switch Family User Impersonation Vulnerability
Low Risk | ICS-CERT ICSA-15-034-01 | Nov 6, 2015
Summary
SCALANCE X-200IRT switch family versions below 5.2.0 contain a user impersonation vulnerability (CWE-287) in their authentication mechanism. An attacker with network access could bypass authentication controls and impersonate legitimate users, potentially gaining unauthorized administrative access to the switch. Siemens has not released a patch for this vulnerability; affected switches cannot be updated to a corrected firmware version.
What this means
What could happen
An attacker with network access to the switch could impersonate legitimate users, potentially gaining unauthorized access to administrative functions or network management interfaces and disrupting switch configuration or operations.
Who's at risk
Water utilities and municipal electric utilities operating Siemens SCALANCE X-200IRT industrial switches in their operational technology networks. This affects any facility using these switches for network infrastructure in control system environments, including data acquisition networks, SCADA backbone networks, and isolated OT subnets.
How it could be exploited
An attacker on the network sends specially crafted authentication requests to the SCALANCE X-200IRT switch that bypass or circumvent user authentication checks, allowing the attacker to assume the identity of a valid user without providing correct credentials.
Prerequisites
- Network access to the SCALANCE X-200IRT switch management interface (typically port 80, 443, or Telnet)
- No valid credentials required; the vulnerability exists in the authentication mechanism itself
Tags: remotely exploitable, no authentication required, no patch available, affects network infrastructure
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
SCALANCE X-200IRT switch family: <V5.2.0 | <V5.2.0 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation to restrict management access to the SCALANCE X-200IRT switch from trusted administrative networks only
- HARDENING: Deploy access control lists (ACLs) or firewall rules to limit inbound connections to the switch's management ports (HTTP, HTTPS, Telnet) to authorized engineering workstations
- HARDENING: Disable unnecessary management protocols (Telnet, HTTP) and use only encrypted management channels (HTTPS/SSH) where available
- HARDENING: Monitor switch management logs for unauthorized access attempts or unusual authentication activity
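One way to verify the ACL and monitoring items above from network flow records, given as an added example (not from the advisory or from Siemens): it flags connections to the switch management ports that originate outside the administrative networks or that use Telnet/HTTP. The switch addresses, the admin subnet and the CSV flow layout are assumptions, using documentation address ranges.

```python
import csv
import io
import ipaddress

# Assumed site values (not from the advisory); documentation address ranges.
SWITCH_IPS = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.11")}
ADMIN_NETS = [ipaddress.ip_network("198.51.100.0/28")]  # engineering workstations
MGMT_PORTS = {23: "Telnet", 80: "HTTP", 443: "HTTPS"}   # ports named in the advisory
CLEARTEXT = {23, 80}                                    # protocols the advisory says to disable

# Constructed sample flow export, columns: time,src,dst,dport,proto
SAMPLE_FLOWS = """\
2015-11-06T08:00:01Z,198.51.100.5,192.0.2.10,443,tcp
2015-11-06T08:03:12Z,203.0.113.77,192.0.2.10,80,tcp
2015-11-06T08:04:40Z,198.51.100.9,192.0.2.11,23,tcp
2015-11-06T08:05:02Z,203.0.113.77,192.0.2.11,443,tcp
2015-11-06T08:06:30Z,203.0.113.77,192.0.2.50,443,tcp
2015-11-06T08:07:00Z,not-an-ip,192.0.2.10,443,tcp
"""

def audit_flows(text):
    """Return (time, src, dst, service, reason) for each policy violation."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, dport, proto = (f.strip() for f in row)
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            # Do not silently drop records that cannot be evaluated.
            findings.append((ts, src, dst, dport, "unparseable record"))
            continue
        if proto.lower() != "tcp" or dst_ip not in SWITCH_IPS or port not in MGMT_PORTS:
            continue  # not management traffic to a monitored switch
        if not any(src_ip in net for net in ADMIN_NETS):
            findings.append((ts, src, dst, MGMT_PORTS[port], "source outside admin networks"))
        elif port in CLEARTEXT:
            findings.append((ts, src, dst, MGMT_PORTS[port], "cleartext management protocol"))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(" | ".join(finding))
```

Because the vulnerability needs no valid credentials, a hit for "source outside admin networks" means the ACL is not enforcing the restriction, even if no failed login appears in the switch logs.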
Mitigations - no patch available
SCALANCE X-200IRT switch family: <V5.2.0 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Plan replacement or upgrade of affected SCALANCE X-200IRT switches below version 5.2.0 as part of long-term capital equipment refresh
CVEs (1)