ICSA-19-225-03_Siemens SCALANCE X Switches (Update D)
Plan Patch | 8.6 | ICS-CERT ICSA-19-225-03 | Aug 13, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens SCALANCE X-200 and X-200IRT managed Ethernet switches contain a denial-of-service vulnerability in the telnet service that allows an unauthenticated, remote attacker to crash or cause unresponsive behavior in the switch, disrupting network connectivity and potentially affecting downstream control devices.
What this means
What could happen
An attacker can remotely crash a SCALANCE switch or make it unresponsive, cutting off network access to connected PLCs, RTUs, and field devices. This could halt manufacturing, water treatment, or electrical distribution until the device restarts.
Who's at risk
Water authorities, electric utilities, and manufacturing facilities using Siemens SCALANCE X-200 or X-200IRT managed switches as backbone network infrastructure. These switches typically connect PLCs, RTUs, field devices, and operator workstations. Any critical process relying on network connectivity to these devices is at risk.
How it could be exploited
An attacker sends specially crafted packets to the telnet service (port 23/TCP) on the SCALANCE switch. No credentials or authentication are required. The malformed input triggers an unhandled exception or resource exhaustion, causing the switch to become unresponsive or reboot.
Prerequisites
- Network access to port 23/TCP (telnet service) on the SCALANCE switch
- Telnet service must be enabled (default configuration)
remotely exploitable, no authentication required, low complexity attack, causes denial of service, affects network infrastructure that supports safety systems
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
| Product | Affected Versions | Fix Status |
|---|---|---|
| SCALANCE X-200RNA: All versions | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Disable telnet service on affected SCALANCE switches and use SSH instead
- WORKAROUND: Restrict network access to port 23/TCP on SCALANCE switches using firewall rules or access control lists
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update SCALANCE X-200 switch family to firmware v5.2.5 or later
- HOTFIX: Update SCALANCE X-200IRT switch family to firmware v5.5.0 or later
Mitigations - no patch available
SCALANCE X-200RNA (all versions) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Isolate control system network containing SCALANCE switches from the business network using a firewall boundary
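The fix levels and compensating controls above, applied to a switch inventory. This is an added example, not part of the advisory or any Siemens tooling; the inventory records, field names and device firmware values are constructed, and only the fixed versions per family come from this page.

```python
import re

# Fixed firmware per family as listed in the advisory; None means no fix (EOL).
FIXED_IN = {"X-200": (5, 2, 5), "X-200IRT": (5, 5, 0), "X-200RNA": None}

# Constructed inventory records (names, fields and firmware values are assumptions).
INVENTORY = [
    {"name": "sw-line1", "family": "X-200", "firmware": "V5.2.4", "telnet_enabled": True},
    {"name": "sw-line2", "family": "X-200", "firmware": "V5.2.5", "telnet_enabled": True},
    {"name": "sw-irt1", "family": "X-200IRT", "firmware": "V5.4.2", "telnet_enabled": False},
    {"name": "sw-rna1", "family": "X-200RNA", "firmware": "V3.2.7", "telnet_enabled": True},
]

def parse_version(text):
    """Turn 'V5.2.4', 'v5.5' or '5.2.5' into a comparable 3-tuple of ints."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(device):
    """Return the actions this advisory calls for on one inventory record."""
    family = device["family"]
    if family not in FIXED_IN:
        return ["not covered by this advisory"]
    fixed = FIXED_IN[family]
    actions = []
    if fixed is None:
        actions.append("no fix (EOL): isolate control network behind a firewall boundary")
    elif parse_version(device["firmware"]) < fixed:
        actions.append("schedule update to v" + ".".join(map(str, fixed)) + " or later")
    else:
        return ["firmware at or above fixed version"]
    # The "do now" workarounds matter while the telnet service is still enabled.
    if device["telnet_enabled"]:
        actions.append("disable telnet and use SSH instead")
        actions.append("restrict 23/TCP with firewall rules or ACLs")
    return actions

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["name"], "->", "; ".join(triage(dev)))
```
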
CVEs (1)