Siemens Ruggedcom ROS, SCALANCE
Plan Patch | 8.8 | ICS-CERT ICSA-17-271-01B | Sep 28, 2017
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The RCDP (Ruggedcom Redundancy Configuration and Download Protocol) daemon on RUGGEDCOM ROS devices and some SCALANCE X switches is not properly configured after commissioning and does not require authentication. An attacker on the same network segment can send RCDP commands to perform administrative operations, including modifying device configuration, without valid credentials. The RCDP daemon is enabled by default and must be explicitly disabled if not required for redundancy operations. Siemens has released patched firmware versions for affected product lines.
What this means
What could happen
An attacker on the same network segment can run administrative commands on RUGGEDCOM and SCALANCE devices without authentication, potentially reconfiguring network settings, disabling safety features, or interrupting communications to field equipment.
Who's at risk
This affects Siemens RUGGEDCOM industrial routers and switches (ROS-based devices including i800, i801, i802, i803, M969, M2100, M2200, RMC, RP110, RS400/RS900/RS1600/RS8000 series, RSG, RSL, RST series) and SCALANCE X industrial managed switches (XB, XC, XF, XP, XR, XM series). These devices are used in power distribution networks, water treatment facilities, manufacturing automation, and other critical infrastructure for network segmentation and redundancy. Any organization using these devices for control network communication is affected.
How it could be exploited
An attacker with network access to a vulnerable RUGGEDCOM or SCALANCE device can send unauthenticated RCDP (Ruggedcom Redundancy Configuration and Download Protocol) requests directly to the device. If the RCDP daemon is enabled (the default after commissioning), the device accepts and processes commands to change configuration or administrative settings without requiring credentials.
Prerequisites
- Network access to the same network segment (adjacent network) as the vulnerable device
- RCDP daemon must be enabled on the target device (enabled by default after commissioning)
- No credentials required
- Remotely exploitable from adjacent network
- No authentication required
- Low complexity attack
- Default daemon enabled after commissioning
- Affects network infrastructure devices critical to industrial operations
- No patch available for some legacy firmware branches
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (247)
247 with fix
Product | Affected Versions | Fix Status
RUGGEDCOM i800 | < 4.3.4 | 4.3.4
RUGGEDCOM i800NC | < 4.3.4 | 4.3.4
RUGGEDCOM i801 | < 4.3.4 | 4.3.4
RUGGEDCOM i801NC | < 4.3.4 | 4.3.4
RUGGEDCOM i802 | < 4.3.4 | 4.3.4
Remediation & Mitigation
Do now
- WORKAROUND: Disable the RCDP daemon if it is not needed for redundancy or network management operations
- HARDENING: Restrict network access to RUGGEDCOM and SCALANCE management ports using firewall rules or network segmentation; limit access to trusted engineering workstations only
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Update RUGGEDCOM ROS devices running firmware version 4.X to version 4.3.4 or later
- HOTFIX: Update RUGGEDCOM ROS devices running firmware version 5.X to version 5.0.1 or later
- HOTFIX: Update SCALANCE X switches (XB, XC, XF, XP, XR series) running firmware version 3.0 to version 3.0.2 or later
- HOTFIX: Update SCALANCE XM and XR switches running firmware version 6.1.0 to version 6.1.1 or later
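An added example, not part of the advisory or of any Siemens tooling: an inventory triage that applies the fixed-firmware thresholds listed above and flags unpatched devices that still need the RCDP workaround. The inventory field names, the device names, and the assumption that every RUGGEDCOM entry is ROS-based are hypothetical.

```python
import re

# Rules from the advisory's remediation list:
# (family, affected branch prefix, first fixed version).
RULES = [
    ("ROS", (4,), (4, 3, 4)),
    ("ROS", (5,), (5, 0, 1)),
    ("SCALANCE", (3, 0), (3, 0, 2)),  # XB, XC, XF, XP, XR
    ("SCALANCE", (6, 1), (6, 1, 1)),  # XM, XR
]

def parse_version(text):
    """Turn 'v4.3.2' or '5.0' into a 3-tuple of ints; None if unparseable."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def family_of(model):
    # Assumption: every RUGGEDCOM entry in the inventory is ROS-based.
    upper = model.upper()
    if upper.startswith("RUGGEDCOM"):
        return "ROS"
    return "SCALANCE" if upper.startswith("SCALANCE") else None

def triage(device):
    """Return (status, target): status is 'update', 'ok' or 'review'."""
    version = parse_version(device["firmware"])
    family = family_of(device["model"])
    if version is None or family is None:
        return ("review", None)
    for fam, branch, fixed in RULES:
        if fam == family and version[:len(branch)] == branch:
            if version < fixed:
                return ("update", ".".join(map(str, fixed)))
            return ("ok", None)
    return ("review", None)  # branch not named in the advisory

def needs_rcdp_workaround(device):
    """Unpatched and RCDP on (the default): disable RCDP if it is not needed."""
    return triage(device)[0] == "update" and device.get("rcdp_enabled", True)

# Constructed sample inventory (hypothetical names and field layout).
INVENTORY = [
    {"name": "sub1-sw01", "model": "RUGGEDCOM i800", "firmware": "4.3.2"},
    {"name": "sub1-sw02", "model": "RUGGEDCOM RS900", "firmware": "v5.0.1"},
    {"name": "wtp-sw07", "model": "SCALANCE XB", "firmware": "3.0"},
]
if __name__ == "__main__":
    for d in INVENTORY:
        print(d["name"], triage(d), needs_rcdp_workaround(d))
```

A `review` result means the firmware string could not be parsed or the branch is not one the remediation list names, so the device needs a manual check against the vendor advisory.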
CVEs (1)