Siemens VxWorks-based Industrial Products (Update C)
Monitor | 5.9 | ICS-CERT ICSA-21-194-12 | Jul 13, 2021
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
A heap-based buffer overflow exists in VxWorks-based Siemens SCALANCE network switches and SINAMICS PERFECT HARMONY GH180 drives due to improper memory handling. All product versions prior to firmware 4.1.4 are affected, including SCALANCE X2xx, X3xx, X4xx, XF, and XR series models. SINAMICS GH180 drives manufactured between 2015 and 2021 are vulnerable; drives manufactured in 2022 are not affected. An attacker can exploit this vulnerability by sending a malicious network packet to cause a denial of service or potentially execute arbitrary code on the device.
What this means
What could happen
A heap buffer overflow in VxWorks-based network switches and drives could allow an attacker with network access to crash the device or potentially execute code, disrupting network connectivity to critical automation equipment and causing process interruptions.
Who's at risk
Manufacturing facilities using Siemens SCALANCE industrial network switches (X2xx, X3xx, X4xx, XF and XR series) and SINAMICS PERFECT HARMONY GH180 variable frequency drives manufactured between 2015 and 2021 need to assess exposure. These switches and drives are common in automation networks for connecting PLCs, sensors, and field devices to plant control systems.
How it could be exploited
An attacker sends a specially crafted network packet to an affected SCALANCE network switch or SINAMICS drive that is reachable from the network. The malformed data overflows a heap buffer in the VxWorks operating system, potentially allowing code execution or causing the device to crash and stop responding.
Prerequisites
- Network access to the affected device on the industrial network
- No authentication required
Tags: remotely exploitable, no authentication required, affects network infrastructure, heap-based buffer overflow, impacts device availability
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (110)
110 with fix
Product | Affected Versions | Fix Status
SCALANCE X208PRO (6GK5208-0HA10-2AA6) | All versions | 4.1.4
SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) | All versions | 4.1.4
SCALANCE X308-2M (6GK5308-2GG00-2AA2) | All versions | 4.1.4
SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3) | All versions | 4.1.4
SCALANCE XF208 (6GK5208-0BA00-2AF2) | All versions | 4.1.4
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to affected switches and drives using firewall rules, allowing only traffic from trusted engineering and control systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update SCALANCE network switches and SINAMICS PERFECT HARMONY GH180 drives to firmware version 4.1.4 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate critical automation equipment on separate VLANs, limiting exposure of vulnerable devices to untrusted networks
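The remediation items above reduce to two facts from the advisory: SCALANCE X2xx/X3xx/X4xx/XF/XR switches on firmware below 4.1.4 are exposed, and SINAMICS PERFECT HARMONY GH180 drives built 2015 through 2021 are exposed (2022 units are not), with 4.1.4 as the fixed firmware for both. The script below is an added example, not part of the advisory or any Siemens tooling: it walks a constructed asset inventory and reports which devices still need the hotfix, so a plant team can scope the maintenance window. The inventory entries, host names, and the assumption that a 2015-2021 GH180 counts as remediated once it runs 4.1.4 or later are constructed for illustration.

```python
"""Triage an asset inventory for exposure to ICSA-21-194-12 (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Facts taken from the advisory text
FIXED_FIRMWARE: Tuple[int, ...] = (4, 1, 4)      # first fixed firmware for SCALANCE and GH180
GH180_AFFECTED_YEARS = range(2015, 2022)          # GH180 drives built 2015..2021 are affected

# Product families named in the advisory (X2xx, X3xx, X4xx, XF, XR series)
SCALANCE_SERIES = re.compile(r"^SCALANCE\s+X(2\d\d|3\d\d|4\d\d|F|R)", re.IGNORECASE)
GH180_DRIVE = re.compile(r"^SINAMICS PERFECT HARMONY GH180", re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'V4.1.3', '4.1.4' or '4.1.4.1' into a tuple that compares numerically."""
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(n) for n in nums)


@dataclass
class Asset:
    name: str
    product: str
    firmware: str
    manufacture_year: Optional[int] = None   # only meaningful for GH180 drives


def exposure_reason(asset: Asset) -> Optional[str]:
    """Return why the asset is still exposed, or None if it is fixed or out of scope."""
    if SCALANCE_SERIES.match(asset.product):
        if parse_version(asset.firmware) < FIXED_FIRMWARE:
            return f"SCALANCE firmware {asset.firmware} is below 4.1.4"
        return None
    if GH180_DRIVE.match(asset.product):
        # Assumption (not stated verbatim in the advisory): a drive from the
        # affected build years is considered remediated once it runs 4.1.4+.
        built_in_window = asset.manufacture_year in GH180_AFFECTED_YEARS
        if built_in_window and parse_version(asset.firmware) < FIXED_FIRMWARE:
            return (f"GH180 built {asset.manufacture_year} on firmware "
                    f"{asset.firmware} (below 4.1.4)")
        return None
    return None   # product family not covered by this advisory


def triage(assets: List[Asset]) -> Dict[str, str]:
    """Map each exposed asset name to the reason it needs the hotfix."""
    report = {}
    for asset in assets:
        reason = exposure_reason(asset)
        if reason:
            report[asset.name] = reason
    return report


# Constructed sample inventory; names and values are illustrative only.
SAMPLE_INVENTORY = [
    Asset("sw-line1", "SCALANCE X208PRO", "V4.1.3"),
    Asset("sw-line2", "SCALANCE XF208", "4.1.4"),
    Asset("vfd-pump7", "SINAMICS PERFECT HARMONY GH180", "4.0.2", manufacture_year=2018),
    Asset("vfd-pump8", "SINAMICS PERFECT HARMONY GH180", "4.0.2", manufacture_year=2022),
    Asset("plc-1", "SIMATIC S7-1500", "2.9"),   # out of scope for this advisory
]

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {reason}")
```

Feed `triage()` the real inventory export and the returned dictionary is the patch worklist; anything absent from it is either already on 4.1.4 or not covered by this advisory, and the firewall workaround above still applies to the listed devices until they are updated.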
CVEs (1)
API:
/api/v1/advisories/4bffc3ae-7d4a-48d1-bd06-496436028ab9