Siemens Ruggedcom ROS, SCALANCE

Plan PatchCVSS 8.8ICS-CERT ICSA-17-271-01BSep 28, 2017

SiemensManufacturing

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The RCDP (Ruggedcom Redundancy Configuration and Download Protocol) daemon on RUGGEDCOM ROS devices and some SCALANCE X switches is not properly configured after commissioning and does not require authentication. An attacker on the same network segment can send RCDP commands to perform administrative operations, including modifying device configuration, without valid credentials. The RCDP daemon is enabled by default and must be explicitly disabled if not required for redundancy operations. Siemens has released patched firmware versions for affected product lines.

What this means

What could happen

An attacker on the same network segment can run administrative commands on RUGGEDCOM and SCALANCE devices without authentication, potentially reconfiguring network settings, disabling safety features, or interrupting communications to field equipment.

Who's at risk

This affects Siemens RUGGEDCOM industrial routers and switches (ROS-based devices including i800, i801, i802, i803, M969, M2100, M2200, RMC, RP110, RS400/RS900/RS1600/RS8000 series, RSG, RSL, RST series) and SCALANCE X industrial managed switches (XB, XC, XF, XP, XR, XM series). These devices are used in power distribution networks, water treatment facilities, manufacturing automation, and other critical infrastructure for network segmentation and redundancy. Any organization using these devices for control network communication is affected.

How it could be exploited

An attacker with network access to a vulnerable RUGGEDCOM or SCALANCE device can send unauthenticated RCDP (Ruggedcom Redundancy Configuration and Download Protocol) requests directly to the device. If the RCDP daemon is enabled (the default after commissioning), the device accepts and processes commands to change configuration or administrative settings without requiring credentials.

Prerequisites

Network access to the same network segment (adjacent network) as the vulnerable device
RCDP daemon must be enabled on the target device (enabled by default after commissioning)
No credentials required

Remotely exploitable from adjacent networkNo authentication requiredLow complexity attackDefault daemon enabled after commissioningAffects network infrastructure devices critical to industrial operationsNo patch available for some legacy firmware branches

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (247)

247 with fix

ProductAffected VersionsFix Status

RUGGEDCOM i800< 4.3.44.3.4

RUGGEDCOM i800NC< 4.3.44.3.4

RUGGEDCOM i801< 4.3.44.3.4

RUGGEDCOM i801NC< 4.3.44.3.4

RUGGEDCOM i802< 4.3.44.3.4

Remediation & Mitigation

0/6

Do now

0/2

WORKAROUNDDisable the RCDP daemon if it is not needed for redundancy or network management operations

HARDENINGRestrict network access to RUGGEDCOM and SCALANCE management ports using firewall rules or network segmentation; limit access to trusted engineering workstations only

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

HOTFIXUpdate RUGGEDCOM ROS devices running firmware version 4.X to version 4.3.4 or later

HOTFIXUpdate RUGGEDCOM ROS devices running firmware version 5.X to version 5.0.1 or later

HOTFIXUpdate SCALANCE X switches (XB, XC, XF, XP, XR series) running firmware version 3.0 to version 3.0.2 or later

HOTFIXUpdate SCALANCE XM and XR switches running firmware version 6.1.0 to version 6.1.1 or later

CVEs (1)

CVE-2017-12736

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b4617b14-62d9-4f09-9bf9-4bdd47859f6b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.