OTPulse

Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update B)

Act Now | 7.5 | ICS-CERT ICSA-20-105-05 | Apr 14, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Siemens RUGGEDCOM, SCALANCE, SIMATIC NET, and SINEMA Remote Connect products contain input validation and resource management flaws (CWE-400, CWE-20) in network packet handling. An attacker can send specially crafted or excessive network packets that the devices fail to properly validate or rate-limit, causing resource exhaustion and denial of service. This affects industrial communication devices used for networking PLCs, remote I/O modules, wireless connectivity, and remote management. The vulnerability requires only network reachability and no credentials. Siemens recommends updating to patched firmware versions and protecting network access through firewalls and segmentation.

What this means
What could happen
An attacker with network access to affected Siemens networking devices could send specially crafted packets to cause a denial-of-service condition, preventing the devices from forwarding traffic and disrupting communication to industrial equipment on the network.
Who's at risk
This affects operators of Siemens industrial networking equipment including switch families (RUGGEDCOM, SCALANCE), communication processors (SIMATIC NET CP series), remote management servers (SINEMA Remote Connect), and RFID readers used in manufacturing, water treatment, power distribution, and other critical infrastructure sectors. Any organization using these products for PLC networking, remote gateway connectivity, or wireless communication is potentially affected.
How it could be exploited
An attacker on the network sends malformed or excessive packets to the device's network port. The device fails to validate or rate-limit the input, consuming resources and becoming unresponsive. This stops the device from relaying data to PLCs, remote gateways, or other connected systems, disrupting process communication.
Prerequisites
  • Network reachability to the affected device (direct or routed)
  • No credentials required
  • Device running vulnerable firmware version
  • Remotely exploitable without authentication
  • Low attack complexity
  • High EPSS score (11.4%) indicates significant exploit probability
  • Affects network backbone devices critical to control system communication
  • No patch available yet for some product variants (SINEMA Remote Connect Server versions between 1.1 and 2.0 still vulnerable as of advisory date)
Exploitability
High exploit probability (EPSS 11.4%)
Affected products (21)
21 with fix
Product | Affected Versions | Fix Status
RUGGEDCOM RM1224 | All < V6.1 | 6.1
SCALANCE M-800 / S615 | All < V6.1 | 6.1
SCALANCE SC-600 | All < V2.0 | 2.0 or a later version
SCALANCE W1700 IEEE 802.11ac | All < V2.0 | 2.0
SCALANCE W700 IEEE 802.11a/b/g/n | All < V6.4 | 6.4
Remediation & Mitigation
Do now
HARDENING: Restrict network access to affected devices using firewall rules and access control lists; allow only authorized engineering workstations and control systems to communicate with these devices
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update RUGGEDCOM RM1224 to firmware version 6.1 or later
HOTFIX: Update RUGGEDCOM ROX II to firmware version 2.13.3 or later
HOTFIX: Update SCALANCE M-800 family to firmware version 6.1 or later
HOTFIX: Update SCALANCE S615 to firmware version 6.1 or later
HOTFIX: Update SCALANCE SC-600 to firmware version 2.0 or later
HOTFIX: Update SCALANCE W1700 IEEE 802.11ac to firmware version 2.0 or later
HOTFIX: Update SCALANCE W700 IEEE 802.11a/b/g/n to firmware version 6.4 or later
HOTFIX: Update SIMATIC NET CP 1242-7 to firmware version 3.2 or later
HOTFIX: Update SIMATIC NET CP 1243-1 and SIPLUS NET variants to firmware version 3.2 or later
HOTFIX: Update SIMATIC NET CP 1243-7 LTE EU to firmware version 3.2 or later
HOTFIX: Update SIMATIC NET CP 1243-7 LTE US to firmware version 3.2 or later
HOTFIX: Update SIMATIC NET CP 1243-8 IRC to firmware version 3.2 or later
HOTFIX: Update SIMATIC NET CP 1542SP-1 to firmware version 2.1 or later
HOTFIX: Update SIMATIC NET CP 1542SP-1 IRC and SIPLUS NET variants to firmware version 2.1 or later
HOTFIX: Update SIMATIC NET CP 1543-1 and SIPLUS NET variants to firmware version 2.2 or later
HOTFIX: Update SIMATIC NET CP 1543SP-1 and SIPLUS NET variants to firmware version 2.1 or later
HOTFIX: Update SIMATIC RF185C, RF186C, RF186CI, RF188C, and RF188CI to firmware version 1.3 or later
HOTFIX: Update SINEMA Remote Connect Server to version 2.1 or later
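
Added example, not part of the original advisory or any Siemens tooling: a Python triage of an asset inventory against the fixed versions listed above, comparing versions numerically so that 2.9.4 sorts below 2.13.3. The inventory rows, hostnames and the function names are constructed for illustration, and the dictionary holds only a subset of the listed products.

```python
import re

# Minimum fixed firmware versions from the remediation list on this page (subset).
FIXED = {
    "RUGGEDCOM RM1224": "6.1",
    "RUGGEDCOM ROX II": "2.13.3",
    "SCALANCE S615": "6.1",
    "SCALANCE SC-600": "2.0",
    "SCALANCE W700 IEEE 802.11a/b/g/n": "6.4",
    "SIMATIC NET CP 1543-1": "2.2",
    "SINEMA Remote Connect Server": "2.1",
}

def parse_version(text):
    """'V6.0.1', 'v2.13', '6.1' -> tuple of ints; None if not purely numeric."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_patched(installed, fixed):
    """Numeric compare, zero-padded so 6.1 == 6.1.0 and 2.13.3 > 2.9.4."""
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) >= pad(fixed)

def triage(inventory):
    """Map hostname -> PATCHED / VULNERABLE / UNKNOWN."""
    result = {}
    for host, product, firmware in inventory:
        fixed = FIXED.get(product)
        installed = parse_version(firmware)
        if fixed is None or installed is None:
            result[host] = "UNKNOWN"  # unlisted product or odd version string: check by hand
        elif is_patched(installed, parse_version(fixed)):
            result[host] = "PATCHED"
        else:
            result[host] = "VULNERABLE"
    return result

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE = [
    ("sw-line1", "SCALANCE SC-600", "V1.1"),
    ("rtr-edge", "RUGGEDCOM ROX II", "2.13.3"),
    ("rtr-old", "RUGGEDCOM ROX II", "V2.9.4"),
    ("ap-hall", "SCALANCE W700 IEEE 802.11a/b/g/n", "V6.4.0"),
    ("vpn-srv", "SINEMA Remote Connect Server", "2.0 SP1"),
]

for host, status in triage(SAMPLE).items():
    print(f"{host:10} {status}")
```

Devices reported as UNKNOWN or VULNERABLE are the ones to put behind the firewall restrictions first while a maintenance window is scheduled.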
Long-term hardening
HARDENING: Implement network segmentation to isolate Siemens networking devices from untrusted networks and limit exposure