Siemens RUGGEDCOM and SCALANCE M-800/S615 Family

Plan PatchCVSS 9.1ICS-CERT ICSA-23-348-14Dec 12, 2023

Siemens

Attack path

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in Siemens SCALANCE M-800 family and RUGGEDCOM RM1224 LTE routers before version 8.0 allow an administrator with high-level access to execute arbitrary commands on the device, bypass authentication mechanisms, generate weak encryption keys for secure communications, and manipulate network traffic. Affected devices include models used for ADSL/SHDSL remote connectivity, cellular LAN routing, and industrial Ethernet access. Siemens has released firmware version 8.0 for most products, but some devices have no patch available.

What this means

What could happen

An attacker with administrative credentials could exploit multiple vulnerabilities in these industrial routers to execute arbitrary commands, bypass authentication, or intercept encrypted communications. This could allow them to alter network traffic, disable remote sites, or introduce malware into critical infrastructure networks.

Who's at risk

Water utilities, electric utilities, and other critical infrastructure operators using Siemens RUGGEDCOM RM1224 LTE routers and SCALANCE M-800/S615 family industrial network devices for remote site connectivity and WAN management. These routers are typically deployed at substations, pumping stations, and distribution sites for SCADA communication and remote monitoring.

How it could be exploited

An attacker with high-level access (such as an admin account obtained through phishing or credential theft) can exploit weak cryptographic implementations and insufficient input validation to execute code on the router, intercept or modify network communications passing through the device, or manipulate critical configuration settings. The vulnerabilities span authentication bypass, weak encryption key generation, and OS command injection.

Prerequisites

Administrative or high-privilege credentials to access the device management interface
Network reachability to the device's management port
Knowledge of specific vulnerable configuration options or feature combinations

High privilege required but often delegated to field staffMultiple CVEs in same product family indicate systemic design issuesSome vulnerabilities have no patch availableAffects network backbone devices connecting critical sitesRouters are often overlooked in security patching schedulesWeak cryptographic implementations allow long-term interception

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (36)

36 with fix

ProductAffected VersionsFix Status

RUGGEDCOM RM1224 LTE(4G) EU<V8.08.0

RUGGEDCOM RM1224 LTE(4G) NAM<V8.08.0

SCALANCE M804PB<V8.08.0

SCALANCE M812-1 ADSL-Router<V8.08.0

SCALANCE M816-1 ADSL-Router<V8.08.0

Remediation & Mitigation

0/6

Do now

0/3

WORKAROUNDRestrict network access to device management interfaces (web console, SSH, telnet) using firewall rules and network segmentation; allow only trusted engineering workstations and jump hosts

HARDENINGDisable unnecessary management protocols (telnet, HTTP) and use only SSH and HTTPS with strong credentials

WORKAROUNDFor devices where no patch is available (CVE-2023-44318, CVE-2023-44320, CVE-2023-44321), apply strict access controls and consider lifecycle replacement planning

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all RUGGEDCOM RM1224 LTE and SCALANCE M-800/S615 devices to firmware version 8.0 or later for CVE-2022-46143, CVE-2023-44319, CVE-2023-44322, CVE-2023-44373, CVE-2023-44374, and CVE-2023-49691

Long-term hardening

0/2

HARDENINGImplement network segmentation to isolate industrial routers from business networks and the internet; place devices behind firewalls

HARDENINGMonitor and log all access to device management interfaces for suspicious activity or credential misuse

CVEs (7)

CVE-2023-44373 CVE-2022-46143 CVE-2023-44318 CVE-2023-44319 CVE-2023-44322 CVE-2023-44374 CVE-2023-49691

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b1c9f499-cac8-466c-8a92-3b8b8d4f1e64

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.