OTPulse

Multiple Vulnerabilities in SCALANCE M-800 Family Before V7.2.2

Plan Patch · 7.2 · SSA-068047 · Dec 12, 2023
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

The SCALANCE M-800 family and related Siemens industrial routers are affected by multiple vulnerabilities spanning authentication, command injection, and information disclosure (CWE-349, CWE-425, CWE-78). These vulnerabilities allow attackers with high-level privileges to execute arbitrary commands, bypass security controls, and access sensitive configuration data on devices running firmware versions before V7.2.2.

What this means
What could happen
An attacker with administrative credentials or elevated privileges on the device could execute arbitrary commands to alter router configuration, intercept traffic, or disrupt network connectivity to field devices and control systems. Loss of communications to remote equipment (RTUs, PLCs, edge gateways) could halt operations or prevent telemetry from reaching the control center.
Who's at risk
Water utilities, electric utilities, and manufacturing facilities using Siemens SCALANCE M-800 series industrial routers for edge networking, remote site connectivity (ADSL/SHDSL/LTE backhaul), or control network segmentation. Affected models include SCALANCE M804PB, M812/816/826/874/876 ADSL/SHDSL routers, MUM853/MUM856 industrial modems, and SCALANCE S615 LAN routers. This includes any facility relying on these devices for communications to remote terminal units (RTUs), distributed control systems, or telemetry networks.
How it could be exploited
An attacker with valid administrative credentials or high-level user access to the SCALANCE router's management interface (web UI, SSH, or CLI) could exploit command injection or privilege escalation flaws to run arbitrary commands on the device, modify firewall rules, create backdoor accounts, or extract configuration files containing credentials and network topology.
Prerequisites
  • Valid high-privilege user credentials (engineering or administrative account) on the SCALANCE router
  • Network access to management interface (port 22 for SSH, port 80/443 for web UI, or serial console access)
  • Device must be running firmware version prior to V7.2.2
  • Requires high-privilege credentials (but insider threat risk)
  • Low complexity exploitation once authenticated
  • Affects critical network infrastructure (industrial routers)
  • Multiple vulnerability types (authentication bypass, command injection, information disclosure)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (18)
18 with fix
Product                            Affected Versions   Fix Status
RUGGEDCOM RM1224 LTE(4G) EU        <V7.2.2             7.2.2
RUGGEDCOM RM1224 LTE(4G) NAM       <V7.2.2             7.2.2
SCALANCE M804PB                    <V7.2.2             7.2.2
SCALANCE M812-1 ADSL-Router        <V7.2.2             7.2.2
SCALANCE M816-1 ADSL-Router        <V7.2.2             7.2.2
Remediation & Mitigation
Do now
HARDENING: Restrict network access to router management interfaces (SSH, web UI, serial console) to engineering workstations and network management servers only, using firewall rules or out-of-band management networks
HARDENING: Change default or weak administrative credentials on all SCALANCE routers and implement a strong password policy
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update all affected SCALANCE M-800 routers and industrial modems to firmware version V7.2.2 or later
Long-term hardening
HARDENING: Audit user accounts with high-level privileges and remove unnecessary administrative accounts, following the principle of least privilege
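
To plan the firmware update above, an asset inventory can be triaged against the V7.2.2 fix level. The script below is an added example, not part of the advisory or any Siemens tooling. The inventory CSV, its column names and the host names are constructed, and the family prefixes are a coarse match derived from the models named on this page, so confirm exact models against SSA-068047.

```python
import csv
import io
import re

FIXED = (7, 2, 2)  # fix level stated in this advisory

# Assumption: prefixes built from the families named on this page (coarse match).
AFFECTED_PREFIXES = (
    "SCALANCE M804PB", "SCALANCE M812", "SCALANCE M816", "SCALANCE M826",
    "SCALANCE M874", "SCALANCE M876", "SCALANCE MUM853", "SCALANCE MUM856",
    "SCALANCE S615", "RUGGEDCOM RM1224",
)

# Constructed sample inventory (hypothetical hosts and firmware strings).
INVENTORY_CSV = """host,model,firmware
rtr-pump-01,SCALANCE M876-4,V7.1.2
rtr-sub-07,SCALANCE S615,V7.2.2
rtr-lift-03,RUGGEDCOM RM1224 LTE(4G) EU,7.2
mdm-tank-02,SCALANCE MUM856-1,unknown
sw-core-01,SCALANCE XC208,V4.3
"""

def parse_version(text):
    """Turn 'V7.2.2', '7.2' or 'V07.02.01' into a numeric tuple, else None."""
    match = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text)
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad so that 7.2 compares as 7.2.0
    return tuple(parts)

def triage(csv_text):
    """Map each host to UPDATE, FIXED, CHECK_MANUALLY or NOT_LISTED."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["model"].strip().upper().startswith(AFFECTED_PREFIXES):
            status = "NOT_LISTED"  # model family not named on this page
        else:
            version = parse_version(row["firmware"])
            if version is None:
                status = "CHECK_MANUALLY"  # unreadable version: do not assume safe
            else:
                status = "UPDATE" if version < FIXED else "FIXED"
        results[row["host"]] = status
    return results

if __name__ == "__main__":
    for host, status in triage(INVENTORY_CSV).items():
        print(f"{host}: {status}")
```

Devices reported as UPDATE or CHECK_MANUALLY are the ones to schedule into the maintenance window.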