Siemens SCALANCE M-800 Family

Plan Patch7.5ICS-CERT ICSA-24-319-06Nov 12, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The SCALANCE M-800 family of industrial routers (versions before V8.2) contains multiple vulnerabilities including buffer overflows, improper input validation, memory management flaws, and access control weaknesses. These flaws can be exploited remotely without credentials to cause denial of service, potentially affecting the availability of remote monitoring and control links for critical infrastructure. The vulnerabilities stem from improper handling of network packets and data validation issues across multiple protocol implementations in the router firmware.

What this means

What could happen

A remote attacker can send crafted network packets to a SCALANCE M-800 router without authentication, causing it to become unresponsive or crash, disrupting remote connectivity and monitoring for critical infrastructure networks.

Who's at risk

Water utilities, electric utilities, and other critical infrastructure operators using Siemens SCALANCE M-800 family routers for remote site connectivity (ADSL, SHDSL, LTE/4G, or Ethernet). These routers typically connect branch offices, remote substations, water pump stations, and distribution networks to the central control system.

How it could be exploited

An attacker on the network or internet can send specially crafted packets to the SCALANCE device's network interface. The device fails to properly validate or handle these packets due to buffer overflow and input validation flaws, causing a denial of service condition. No authentication is required.

Prerequisites

Network access to the SCALANCE M-800 device
No credentials required
Device running firmware version earlier than V8.2

remotely exploitableno authentication requiredlow complexityaffects availability of critical remote connectivityhigh CVSS score (7.5)

Exploitability

Moderate exploit probability (EPSS 4.5%)

Affected products (24)

24 with fix

ProductAffected VersionsFix Status

SCALANCE MUM853-1 (EU)<V8.28.2

SCALANCE MUM856-1 (A1)<V8.28.2

SCALANCE MUM856-1 (B1)<V8.28.2

RUGGEDCOM RM1224 LTE(4G) EU<V8.28.2

RUGGEDCOM RM1224 LTE(4G) NAM<V8.28.2

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to SCALANCE devices using firewall rules; ensure devices are not reachable from the internet or untrusted networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all SCALANCE M-800 family devices to firmware version 8.2 or later

Long-term hardening

0/2

HARDENINGImplement network segmentation to isolate SCALANCE routers and critical control network infrastructure behind firewalls, separate from business networks

HARDENINGWhen remote access to SCALANCE devices is necessary, use a VPN with current security patches rather than exposing devices directly to the internet

CVEs (16)

CVE-2021-3506 CVE-2023-28450 CVE-2023-49441 CVE-2024-2511 CVE-2024-4603 CVE-2024-4741 CVE-2024-5594 CVE-2024-26306 CVE-2024-26925 CVE-2024-28882 CVE-2024-50557 CVE-2024-50558 CVE-2024-50559 CVE-2024-50560 CVE-2024-50561 CVE-2024-50572

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/74098afd-af26-4802-addd-3441318992b6