Siemens SCALANCE SC-600 Family
Act Now | 9.1 | ICS-CERT ICSA-24-046-09 | Feb 13, 2024
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
SCALANCE SC-600 Family switches before V3.0.2/V3.1 contain multiple vulnerabilities including authentication bypass (CWE-349), weak cryptographic controls (CWE-328), improper access restriction (CWE-425), and input validation flaws (CWE-74). These allow authenticated attackers to manipulate switch configuration, intercept traffic, or cause denial of service. Affected products include SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, and SC646-2C. Some vulnerabilities (CVE-2023-44317, CVE-2023-44373, CVE-2023-49691, CVE-2023-49692) are fixed in V3.0.2 or later; others (CVE-2023-44319, CVE-2023-44320, CVE-2023-44322) require V3.1 or later. CVE-2023-44321 has no planned fix.
What this means
What could happen
Multiple vulnerabilities in SCALANCE SC-600 industrial switches could allow an attacker with elevated privileges to manipulate network traffic, bypass security controls, or crash the device, disrupting communication between control systems and field equipment.
Who's at risk
Water utilities and electric co-ops using Siemens SCALANCE SC-600 industrial switches (SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) should evaluate their deployments. These devices are critical network infrastructure in substations, treatment plants, and control centers where they connect field equipment (RTUs, sensors, actuators) to SCADA systems.
How it could be exploited
An attacker with administrative or engineering credentials could access the application webserver to exploit authentication bypass, cryptographic weaknesses, or improper input validation flaws. This could lead to unauthorized configuration changes, traffic interception, or denial of service on network segments critical to operations.
Prerequisites
- Administrative or engineering webserver credentials
- Network access to the device management interface (webserver port)
- Device running affected firmware version (before V3.0.2 or V3.1 depending on CVE)
- High privilege requirement (admin credentials needed)
- Low complexity exploitation once authenticated
- No patch available for CVE-2023-44321
- Affects critical infrastructure network components
- Multiple cryptographic and authentication weaknesses
- Default or weak credentials commonly used in legacy deployments
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (18)
17 with fix, 1 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| SCALANCE SC646-2C | <V3.0.2 | 3.0.2 |
| SCALANCE SC646-2C | <V3.1 | 3.1 |
| SCALANCE SC632-2C | All versions | No fix (EOL) |
| SCALANCE SC646-2C | All versions | 3.0.2, 3.1 |
| SCALANCE SC622-2C | <V3.0.2 | 3.0.2 |
Remediation & Mitigation
Do now
WORKAROUND: Restrict webserver access to trusted engineering workstations and administrators only using network firewall rules or local access controls
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SCALANCE SC646-2C
HOTFIX: Update SCALANCE SC646-2C, SC622-2C, SC626-2C, SC632-2C, SC636-2C, and SC642-2C to firmware version 3.0.2 or later
HOTFIX: Update SCALANCE SC646-2C, SC622-2C, SC626-2C, SC632-2C, SC636-2C, and SC642-2C to firmware version 3.1 or later for CVE-2023-44319, CVE-2023-44320, and CVE-2023-44322
Mitigations - no patch available
SCALANCE SC632-2C has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to limit access to the device management interface from non-engineering networks
HARDENING: Review and rotate administrative credentials used to access the device webserver
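To turn the fix levels above into a patch plan, the following added example (not part of the advisory or any Siemens tooling) triages a device inventory against the versions stated in the Summary. It assumes every listed CVE applies to every listed model, treats SC632-2C as unfixable per the "No fix (EOL)" table row, and uses a constructed `hostname,model,firmware` inventory format with made-up hostnames.

```python
import re

# Fix levels as stated in this advisory's Summary (None = no planned fix).
FIXED_IN = {
    "CVE-2023-44317": (3, 0, 2), "CVE-2023-44373": (3, 0, 2),
    "CVE-2023-49691": (3, 0, 2), "CVE-2023-49692": (3, 0, 2),
    "CVE-2023-44319": (3, 1, 0), "CVE-2023-44320": (3, 1, 0),
    "CVE-2023-44322": (3, 1, 0),
    "CVE-2023-44321": None,
}
AFFECTED_MODELS = {"SC622-2C", "SC626-2C", "SC632-2C",
                   "SC636-2C", "SC642-2C", "SC646-2C"}
EOL_MODELS = {"SC632-2C"}  # table row "No fix (EOL)": keep every CVE open

def parse_version(text):
    """Turn 'V3.0.2', 'v3.1' or '3.1' into a padded tuple such as (3, 1, 0)."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def open_cves(model, firmware):
    """Return the sorted CVEs from the Summary still unfixed on this device."""
    model = model.upper().replace("SCALANCE", "").strip()
    if model not in AFFECTED_MODELS:
        return []
    if model in EOL_MODELS:
        return sorted(FIXED_IN)
    version = parse_version(firmware)
    return sorted(c for c, fix in FIXED_IN.items() if fix is None or version < fix)

def triage(inventory_csv):
    """Map hostname -> open CVEs for 'hostname,model,firmware' lines."""
    report = {}
    for line in inventory_csv.strip().splitlines():
        host, model, firmware = (f.strip() for f in line.split(","))
        report[host] = open_cves(model, firmware)
    return report

# Constructed sample inventory (hostnames, versions and OTHER-MODEL are made up).
SAMPLE = """
sw-pump-01,SCALANCE SC646-2C,V3.0.1
sw-pump-02,SC622-2C,3.0.2
sw-ctrl-01,SC636-2C,V3.1
sw-sub-01,SC632-2C,V3.1
sw-misc-01,OTHER-MODEL,V4.4
"""

if __name__ == "__main__":
    for host, cves in triage(SAMPLE).items():
        print(host, "->", ", ".join(cves) or "none listed in this advisory")
```

Devices that still report CVE-2023-44321 after updating to V3.1 are the ones that depend on the webserver access restrictions above.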
CVEs (8)