Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.0
Act Now | 9.1 | SSA-180704 | Dec 12, 2023
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
The SCALANCE M-800 family industrial routers before version 8.0 contain multiple critical vulnerabilities affecting encryption (CWE-321, CWE-328), credential storage (CWE-1284), input validation (CWE-74, CWE-252), and command execution (CWE-78, CWE-567). These flaws could allow an attacker with administrative credentials to modify configurations, intercept traffic, or execute arbitrary commands on the network gateway. Affected devices include RUGGEDCOM RM1224 LTE variants, SCALANCE M8xx ADSL/SHDSL routers, SCALANCE MUM853/MUM856 routers, and SCALANCE S615 LAN routers used in utility networks.
What this means
What could happen
An attacker with administrative access to these industrial routers could modify network configurations, intercept communications, or execute arbitrary code, potentially disrupting critical operations at water treatment plants, electric substations, or other utility control networks.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Siemens SCALANCE M-800 family routers (including RUGGEDCOM RM1224 LTE models, SCALANCE M8xx ADSL/SHDSL routers, and SCALANCE MUM/S615 LAN routers) for network connectivity at substations, treatment plants, or remote sites.
How it could be exploited
An attacker who obtains or already has administrative credentials to one of these routers could exploit multiple vulnerabilities including hardcoded credentials, improper encryption, and input validation flaws to gain deeper control of the device, modify routing rules, inject commands, or pivot to other systems on the network.
Prerequisites
- Administrative access credentials to the router
- Network access to router management interface (HTTP/HTTPS or serial console)
- Knowledge of specific vulnerability details for exploitation
- Multiple critical vulnerabilities in one component
- Affects network gateway: compromise impacts entire facility network
- High CVSS score (9.1)
- Low attack complexity
- Some products have no patch planned
- Administrative access required limits immediate risk but high impact if compromised
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (36)
36 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| RUGGEDCOM RM1224 LTE(4G) EU | <V8.0 | 8.0 |
| RUGGEDCOM RM1224 LTE(4G) NAM | <V8.0 | 8.0 |
| SCALANCE M804PB | <V8.0 | 8.0 |
| SCALANCE M812-1 ADSL-Router | <V8.0 | 8.0 |
| SCALANCE M816-1 ADSL-Router | <V8.0 | 8.0 |
Remediation & Mitigation
Do now
- HARDENING: Change default or hardcoded administrative credentials immediately if they exist on your devices
- WORKAROUND: Restrict management access to these routers via firewall rules to limit to trusted engineering networks and jump hosts only
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Update all SCALANCE M-800 family routers to firmware version 8.0 or later
Long-term hardening
- HARDENING: For products where firmware v8.0 is not available (all versions listed as 'no fix'), apply network segmentation to isolate routers from untrusted networks and restrict administrative access to authorized personnel only
CVEs (7)