Siemens SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family
Monitor | 4.9 | ICS-CERT ICSA-24-074-08 | Mar 12, 2024
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family managed switches are affected by multiple vulnerabilities identified as CVE-2023-44318 and CVE-2023-44321. These vulnerabilities allow an attacker with elevated privileges and network access to the device to read sensitive information from device memory. The affected product family includes industrial Ethernet switches used for network segmentation and device connectivity in control system environments. Siemens has released firmware version 4.6 and later for some products but many variants remain without fixes or with fixes not yet available.
What this means
What could happen
An attacker with administrative credentials and network access to an affected switch could read sensitive data from device memory, potentially including configuration information, credentials, or other sensitive parameters. While not directly affecting physical operations, compromised switch memory could expose information needed to escalate attacks or access other network devices.
Who's at risk
Water utilities, electric utilities, and industrial facilities using Siemens SCALANCE managed switches for network segmentation in control system networks. Affected equipment includes XB-200 series (compact switches), XC-200 series (industrial Ethernet switches), XP-200 series (PoE switches), XF-204 series (firewall appliances), and XR-300WG series (managed switches). Organizations relying on these switches for critical infrastructure network segmentation should assess their inventory against the affected product list.
How it could be exploited
An attacker with administrative-level credentials and network access to the switch management interface (typically Ethernet or serial console) can send crafted requests to read unprotected memory regions on the device. The attacker does not need physical access or elevated OS-level privileges, only valid engineering credentials for the switch itself.
Prerequisites
- Valid administrative credentials for the SCALANCE switch (engineering account or web/serial management access)
- Network or serial console access to the device management interface
- Switch firmware version below 4.6 (for products with available fixes)
- Requires valid administrative credentials
- Network-accessible management interface
- Low exploit complexity
- Multiple product variants without fixes or with fixes not yet available
- Information disclosure risk
- Affects critical infrastructure switching
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (172)
86 with fix, 86 pending

| Product | Affected Versions | Fix Status |
|---|---|---|
| SCALANCE XB206-2 LD | < 4.6 | 4.6 |
| SCALANCE XB206-2 SC | All versions | No fix yet |
| SCALANCE XB206-2 SC | < 4.6 | 4.6 |
| SCALANCE XB206-2 ST | All versions | No fix yet |
| SCALANCE XB206-2 ST | < 4.6 | 4.6 |
Remediation & Mitigation
Do now
- WORKAROUND: For products without available fixes, restrict network access to switch management interfaces using firewall rules. Allow only trusted engineering workstations and administration devices to reach management ports (typically 22/SSH, 23/Telnet, 80/HTTP, 443/HTTPS).
- WORKAROUND: Disable unused management protocols on switches where possible (e.g., disable Telnet if only SSH is needed, disable HTTP if HTTPS is available).
- HARDENING: Implement strong authentication for all switch management accounts. Change default credentials immediately and enforce password complexity requirements.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update affected SCALANCE switches to firmware version 4.6 or later where available. Consult the Siemens security advisory SSA-353002 for the specific fixed firmware version for your product model.
Long-term hardening
- HARDENING: Implement network segmentation to isolate SCALANCE switch management traffic. Use separate VLANs or dedicated management networks that are not accessible from the process network or untrusted areas.
- HARDENING: Monitor for unauthorized management access to switches. Enable and review switch audit logs for unexpected login attempts or configuration changes.
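One way to check the access-restriction and monitoring items above against firewall or flow logs, as an added example that is not part of the advisory or of any Siemens tooling. The management subnet, workstation addresses, log format and sample records are constructed assumptions; only the four management ports come from the advisory.

```python
import ipaddress

# Management ports named in the advisory's workaround. Telnet and HTTP are the
# cleartext protocols it recommends disabling where SSH/HTTPS are available.
MGMT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS"}
CLEARTEXT = {23, 80}

# Assumptions for this example: switch management subnet and the trusted
# engineering workstations allowed to reach it.
SWITCH_MGMT_NET = ipaddress.ip_network("10.10.99.0/24")
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.50.10/32"),
                   ipaddress.ip_network("10.10.50.11/32")]

# Constructed flow records in the form: timestamp src dst dport action
SAMPLE_FLOWS = """\
2024-03-12T08:01:12Z 10.10.50.10 10.10.99.21 443 ACCEPT
2024-03-12T08:03:40Z 10.10.50.11 10.10.99.21 23 ACCEPT
2024-03-12T08:07:05Z 10.20.30.44 10.10.99.22 22 ACCEPT
2024-03-12T08:07:09Z 10.20.30.44 10.10.99.22 80 DROP
2024-03-12T08:09:30Z 10.10.50.10 10.10.20.5 443 ACCEPT
garbled line
"""

def audit_flows(text):
    """Return (findings, skipped) for flows that target switch management ports."""
    findings, skipped = [], 0
    for line in text.splitlines():
        try:
            ts, src, dst, dport, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            skipped += 1  # malformed record: count it rather than guess
            continue
        if dst not in SWITCH_MGMT_NET or dport not in MGMT_PORTS:
            continue  # not management traffic to a switch
        if not any(src in net for net in ALLOWED_SOURCES):
            # ACCEPT means the firewall rule is missing; DROP means it worked.
            kind = "unauthorized-source" if action == "ACCEPT" else "blocked-attempt"
        elif dport in CLEARTEXT and action == "ACCEPT":
            kind = "cleartext-protocol"  # trusted source, but Telnet/HTTP still in use
        else:
            continue
        findings.append((kind, ts, str(src), str(dst), MGMT_PORTS[dport]))
    return findings, skipped

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS)[0]:
        print(*finding)
```

An `unauthorized-source` finding means the firewall restriction is not in effect for that path, while `cleartext-protocol` points at a protocol that can be disabled on the switch.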
CVEs (2)