OTPulse

Siemens SCALANCE M-800/S615 Web Vulnerability

Monitor 4 · ICS-CERT ICSA-16-271-01 · Jul 1, 2016
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

The SCALANCE M-800/S615 industrial wireless gateway contains insufficient encryption in its web interface (CWE-614). An attacker positioned on the network path between a remote user and the device could intercept sensitive information such as configuration data or credentials. Affected versions are below V4.02. No firmware update is available from Siemens to address this issue.

What this means
What could happen
An attacker could intercept and read sensitive information transmitted between the SCALANCE M-800/S615 device and remote users due to insufficient encryption. This could expose configuration data or authentication credentials needed to manage the industrial wireless gateway.
Who's at risk
Water utilities and electric cooperatives operating Siemens SCALANCE M-800/S615 industrial wireless gateways used to manage distributed field devices (RTUs, sensors, remote telemetry units) over wireless networks should assess their remote management practices.
How it could be exploited
An attacker on the network path between a remote user and the SCALANCE M-800/S615 device could perform a man-in-the-middle attack to intercept unencrypted or weakly encrypted web traffic. The attack is carried out over the network (AV:N); the high complexity rating (AC:H) suggests it depends on conditions such as obtaining that on-path position. No authentication is required.
Prerequisites
  • Network access to the device's web management interface (port 80/443)
  • Ability to intercept traffic between remote user and device (man-in-the-middle position on network path)
  • No credentials required for interception
Tags: remotely exploitable · man-in-the-middle attack · low complexity for attacker in position · affects industrial wireless communications gateway · no patch available
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product | Affected Versions | Fix Status
SCALANCE M-800/S615: <V4.02 | <V4.02 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Deploy encrypted VPN or secure tunnel for all remote access to the device management interface
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Disable remote management via unencrypted HTTP; enforce HTTPS-only access if the device supports it
Mitigations - no patch available
SCALANCE M-800/S615: <V4.02 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to restrict access to the SCALANCE M-800/S615 management interface to authorized engineering networks only
HARDENING: Monitor network traffic for suspicious access patterns to the device's web interface
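
CWE-614, the weakness class cited in the summary, is "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute". The following Python is an added example, not part of the advisory or of any Siemens tooling: it audits response headers captured from a web management interface during an authorized review and lists cookies set without the Secure attribute. The header lines and cookie names are constructed sample data.

```python
"""Audit captured response headers for the CWE-614 condition:
cookies set without the Secure attribute."""

# Constructed sample data (not taken from a real device).
SAMPLE_HEADERS = [
    "Set-Cookie: session=abc123; Path=/; HttpOnly",
    "set-cookie: lang=en; Expires=Wed, 21 Oct 2026 07:28:00 GMT; SECURE",
    "Content-Type: text/html",
    # The cookie NAME contains "secure", but the attribute is absent;
    # a naive substring search would wrongly pass this one.
    "Set-Cookie: secure_mode=1; Path=/",
]


def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, lowercased attribute names).

    Follows the RFC 6265 approach: the first ';'-delimited part is the
    name=value pair, every later part is an attribute.
    """
    parts = value.split(";")
    name = parts[0].split("=", 1)[0].strip()
    attrs = set()
    for part in parts[1:]:
        attr = part.split("=", 1)[0].strip().lower()
        if attr:
            attrs.add(attr)
    return name, attrs


def cookies_missing_secure(header_lines):
    """Return the names of cookies that were set without Secure."""
    missing = []
    for line in header_lines:
        field, sep, value = line.partition(":")
        # Header field names are case-insensitive; skip non-cookie headers.
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"cookie {cookie!r} is set without the Secure attribute")
```
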