Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices

Monitor5.9SSA-145224Jun 14, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

SCALANCE XM-400 and XR-500 managed switches and routing modules contain a flaw in how they handle OSPF (Open Shortest Path First) routing protocol packets. An unauthenticated attacker on the network can send a malformed OSPF packet to trigger a denial of service condition, causing the device to stop responding or crash. This affects network availability and can interrupt communication between automation systems and control devices that rely on these switches for routing.

What this means

What could happen

An attacker on the network can send specially crafted OSPF packets to cause the device to become unresponsive or crash, disrupting your network connectivity and any process automation that depends on it.

Who's at risk

Water authorities and electric utilities using SCALANCE XM-400 or XR-500 managed switches and routing modules should care about this. These are industrial network devices commonly used as backbone switches in plant networks. If your facility uses OSPF for routing between network segments, this vulnerability could disrupt communication between control systems, data historians, and remote monitoring equipment.

How it could be exploited

An attacker sends a malformed OSPF packet to the device over the network. The device's OSPF packet handler fails to properly validate the packet, causing a denial of service. No credentials or special network position is required.

Prerequisites

Network access to the device on OSPF port (typically UDP 89)
Device must have OSPF routing enabled

remotely exploitableno authentication requiredlow complexityaffects network availability

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (25)

25 with fix

ProductAffected VersionsFix Status

SCALANCE XM408-4C< V6.56.5

SCALANCE XM408-4C (L3 int.)< V6.56.5

SCALANCE XM408-8C< V6.56.5

SCALANCE XM408-8C (L3 int.)< V6.56.5

SCALANCE XM416-4C< V6.56.5

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SCALANCE XM-400 and XR-500 devices to firmware version 6.5 or later

CVEs (1)

CVE-2021-37182

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e5cf7838-8500-43a2-a02f-b98602271653