Siemens SCALANCE M-800 and SC-600 Families

Low Risk3.7ICS-CERT ICSA-25-072-07Mar 11, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

SCALANCE M-800 and SC-600 families are affected by improper input validation in the OpenVPN authentication mechanism. This vulnerability could allow an attacker to bypass authentication controls or cause integrity issues in the authentication process. Siemens has released firmware updates to version 8.2.1 or later for most affected products but states no fix is currently available for the SCALANCE SC-600 family.

What this means

What could happen

An attacker could bypass OpenVPN authentication on affected SCALANCE routers, potentially gaining unauthorized access to network management functions or altering device configuration. The SCALANCE SC-600 family has no fix available and remains at risk.

Who's at risk

Water utilities and electric utilities that use Siemens SCALANCE M-800 series routers (SCALANCE M826, M874, M876, MUB852, MUM853, MUM856 models) or RUGGEDCOM RM1224 LTE routers for remote site connectivity or network segmentation. The SCALANCE SC-600 family, commonly used in industrial networks, is affected but has no vendor fix available. These are critical network boundary devices—unauthorized access could allow an attacker to reconfigure network access policies or gain visibility into control system networks.

How it could be exploited

An attacker with network access to an affected SCALANCE router's OpenVPN service port could send specially crafted authentication messages that exploit improper input validation, bypassing the authentication check and gaining access to device management functions.

Prerequisites

Network access to the OpenVPN service port on the affected SCALANCE router
The OpenVPN authentication feature must be enabled on the device

remotely exploitablelow authentication complexityaffects network access control to OT devicesno fix available for SC-600 family

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (27)

26 with fix1 pending

ProductAffected VersionsFix Status

RUGGEDCOM RM1224 LTE(4G) EU< V8.2.18.2.1

RUGGEDCOM RM1224 LTE(4G) NAM< V8.2.18.2.1

SCALANCE M804PB< V8.2.18.2.1

SCALANCE M812-1 ADSL-Router family< V8.2.18.2.1

SCALANCE M816-1 ADSL-Router family< V8.2.18.2.1

Remediation & Mitigation

0/4

Do now

0/2

SCALANCE SC-600 family

WORKAROUNDFor SCALANCE SC-600 family devices with no vendor fix available: restrict network access to OpenVPN management ports using firewall rules, allowing only authorized engineering workstations or bastion hosts

All products

HARDENINGEnforce strong, unique passwords on all SCALANCE M-800 and SC-600 family devices as an additional authentication layer

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

SCALANCE M804PB

HOTFIXUpdate RUGGEDCOM RM1224 LTE, SCALANCE M804PB, M812/816/826/874/876 series, MUB852, MUM853, MUM856, and S615 models to firmware version 8.2.1 or later

Long-term hardening

0/1

HARDENINGIsolate SCALANCE router devices from direct internet access and place them behind firewalls. Route all remote management traffic through a VPN or bastion host with separate authentication

CVEs (1)

CVE-2025-23384

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/29a91a09-b8d9-499a-b8b4-81746d9055f8