Siemens SCALANCE M-800 and SC-600 Families

Low RiskCVSS 3.7ICS-CERT ICSA-25-072-07Mar 11, 2025

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

Improper input validation in the OpenVPN authentication mechanism of SCALANCE M-800 and SC-600 families allows an attacker to bypass authentication without valid credentials. Affected products include SCALANCE M804PB, M812/816/826/874/876 series routers, MUB852-1 and MUM853/856 series devices, RUGGEDCOM RM1224 LTE routers, and SCALANCE S615 LAN-Routers. Siemens has released firmware version 8.2.1 for most affected products. The SCALANCE SC-600 family is not yet receiving a fix.

What this means

What could happen

An attacker with network access to the OpenVPN authentication interface could bypass authentication and gain unauthorized access to the device, potentially allowing them to modify router configurations, interrupt network connectivity, or pivot into the industrial network.

Who's at risk

Water utilities and municipal electric utilities operating SCALANCE M-800 series industrial routers, RUGGEDCOM LTE routers, or SCALANCE SC-600 series devices. This affects network connectivity and remote access infrastructure in OT environments, including ADSL, SHDSL, 3G, and LTE router models deployed at substations and remote facilities.

How it could be exploited

An attacker sends malformed input to the OpenVPN authentication mechanism on the affected device. Due to improper input validation (CWE-187), the authentication check can be bypassed without valid credentials. Once authenticated, the attacker can access the management interface and execute commands on the router.

Prerequisites

Network access to the device's OpenVPN authentication port (typically UDP 1194)
The device must have OpenVPN enabled and exposed to the network

Remotely exploitableNo authentication required (authentication bypass)Low complexity attackNo patch available for SCALANCE SC-600 familyAffects critical network infrastructure

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (27)

26 with fix1 pending

ProductAffected VersionsFix Status

RUGGEDCOM RM1224 LTE(4G) EU< V8.2.18.2.1

RUGGEDCOM RM1224 LTE(4G) NAM< V8.2.18.2.1

SCALANCE M804PB< V8.2.18.2.1

SCALANCE M812-1 ADSL-Router family< V8.2.18.2.1

SCALANCE M816-1 ADSL-Router family< V8.2.18.2.1

Remediation & Mitigation

0/6

Do now

0/3

SCALANCE SC-600 family

WORKAROUNDFor SCALANCE SC-600 family devices (no patch available): restrict network access to the OpenVPN port using a firewall rule; allow connections only from trusted engineering workstations or administrative networks

All products

HARDENINGEnforce strong, unique passwords on all affected device administrative accounts

WORKAROUNDDisable OpenVPN on affected devices if it is not in active use; if required, disable remote access until patches are applied

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

SCALANCE S615 LAN-Router

HOTFIXUpdate SCALANCE S615 LAN-Router and S615 EEC LAN-Router devices to firmware version 8.2.1 or later

All products

HOTFIXUpdate all SCALANCE M-800 family devices (M804PB, M812-1, M816-1, M826-2, M874-2, M874-3, M876-3, M876-4, MUB852-1, MUM853-1, MUM856-1) and RUGGEDCOM RM1224 LTE devices to firmware version 8.2.1 or later

Long-term hardening

0/1

HARDENINGSegment OT networks behind firewalls and ensure SCALANCE routers are not directly accessible from untrusted networks or the internet

CVEs (1)

CVE-2025-23384

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/29a91a09-b8d9-499a-b8b4-81746d9055f8

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.