Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.3
Act Now10SSA-089022Jan 28, 2026
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
SINEC OS before version 3.3 contains multiple vulnerabilities in third-party components including buffer overflows, out-of-bounds access, improper input validation, TLS certificate verification bypass, path traversal, and use-after-free conditions. These affect RUGGEDCOM RST2428P and multiple SCALANCE industrial switch/router models. Exploitation could allow remote code execution, denial of service, or unauthorized information disclosure without authentication.
What this means
What could happen
An attacker with network access to these industrial switches and routers could execute arbitrary code, disable connectivity, or manipulate network traffic—potentially disrupting communication to water treatment, power distribution, or other critical OT systems.
Who's at risk
Water authorities and utilities using Siemens industrial network devices (RUGGEDCOM, SCALANCE) for connecting field equipment, RTUs, and supervisory systems. The RUGGEDCOM RST2428P is used in harsh outdoor environments; SCALANCE switches are common in substation and plant network backbones. Any organization relying on these for OT network backbone connectivity is affected.
How it could be exploited
An attacker on the network can send a specially crafted network packet to an affected device without authentication. The device processes the packet using vulnerable third-party libraries, allowing the attacker to execute commands, crash the device, or alter its configuration.
Prerequisites
- Network access to the device (remote reachability)
- No credentials required
- Device running SINEC OS version 3.2 or earlier
remotely exploitableno authentication requiredlow complexityactively exploited (KEV)high EPSS score (50.3%)affects network infrastructure (cascading impact to all connected systems)
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (16)
16 with fix
ProductAffected VersionsFix Status
RUGGEDCOM RST2428P (6GK6242-6PA00)< 3.33.3
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family< 3.33.3
SCALANCE XCH328< 3.33.3
SCALANCE XCM324< 3.33.3
SCALANCE XCM328< 3.33.3
Remediation & Mitigation
0/3
Do now
0/2HOTFIXUpdate SINEC OS to version 3.3 or later on all affected RUGGEDCOM and SCALANCE devices
WORKAROUNDIf immediate patching is not possible, restrict network access to these devices using firewall rules to trusted engineering workstations and control systems only
Long-term hardening
0/1HARDENINGSegment industrial network to isolate these switches/routers from untrusted network segments
CVEs (51)
CVE-2022-48174CVE-2023-7256CVE-2023-39810CVE-2023-42363CVE-2023-42364CVE-2023-42365CVE-2023-42366CVE-2024-6197CVE-2024-6874CVE-2024-7264CVE-2024-8006CVE-2024-8096CVE-2024-9681CVE-2024-11053CVE-2024-12718CVE-2024-41996CVE-2024-47619CVE-2024-52533CVE-2025-0167CVE-2025-0665CVE-2025-0725CVE-2025-1390CVE-2025-3360CVE-2025-4138CVE-2025-4330CVE-2025-4373CVE-2025-4435CVE-2025-4516CVE-2025-4517CVE-2025-6141CVE-2025-9086CVE-2025-9230CVE-2025-9231CVE-2025-9232CVE-2025-10148CVE-2025-27587CVE-2025-32433CVE-2025-38084CVE-2025-38085CVE-2025-38086CVE-2025-38345CVE-2025-38350CVE-2025-38498CVE-2025-39839CVE-2025-39841CVE-2025-39846CVE-2025-39853CVE-2025-39860CVE-2025-39864CVE-2025-39865CVE-2025-59375
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/ba3a09f5-d981-4a57-8724-0618a284a7e3