Siemens SCALANCE X Switches

Plan Patch8.6ICS-CERT ICSA-18-254-05Sep 11, 2018

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SCALANCE X-series network switches contain an input validation flaw (CWE-20) in the integrated web server accessible on port 443/TCP. The vulnerability allows unauthenticated remote attackers to trigger a denial-of-service condition that impacts availability across connected network segments.

What this means

What could happen

An attacker could remotely crash the SCALANCE switch's web interface or cause it to stop responding to management commands, disrupting control system communication across your network and preventing operators from monitoring or reconfiguring devices.

Who's at risk

Water authorities and electric utilities operating SCALANCE X-series switches in their SCADA networks, particularly those using X-300, X-408, or X-414 models for industrial network connectivity.

How it could be exploited

An attacker on the network (or with routing to it) sends a malformed request to port 443/TCP on the switch. The web server fails to validate the input, causing a crash or hang. No credentials or special configuration are required.

Prerequisites

Network reachability to port 443/TCP on the affected switch
No authentication required

remotely exploitableno authentication requiredlow complexityno patch available for X-414

Exploitability

Low exploit probability (EPSS 0.8%)

Affected products (3)

2 with fix1 EOL

ProductAffected VersionsFix Status

SCALANCE X-300 switch family (incl. SIPLUS NET variants): All<V4.0.0V4.1.2

SCALANCE X408: All<V4.0.0V4.1.2

SCALANCE X414: All versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDRestrict network access to port 443/TCP on all SCALANCE switches to only trusted management IP addresses and workstations

WORKAROUNDDo not run vulnerability scanning tools or security assessments against SCALANCE X-414 devices from trusted networks, as scanning traffic can trigger the denial-of-service

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SCALANCE X-300 switches to firmware version 4.1.2 or later

HOTFIXUpdate SCALANCE X-408 switches to firmware version 4.1.2 or later

Mitigations - no patch available

0/1

SCALANCE X414: All versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate SCALANCE switch management networks behind firewalls, separate from business networks, to reduce exposure of port 443/TCP

CVEs (1)

CVE-2018-13807

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c25d3674-2355-4e90-8866-ece364cbcc84