Denial-of-Service Vulnerability in SCALANCE and RUGGEDCOM Devices

Plan Patch8.6SSA-296266Mar 9, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Vulnerability in SSH authentication on Siemens RUGGEDCOM RM1224, SCALANCE M-800, SCALANCE S615, and SCALANCE SC-600 devices could allow an attacker to cause a denial-of-service condition. The vulnerability affects devices with firmware versions: RM1224 V6.3 and earlier, SCALANCE M-800 V6.3 and earlier, SCALANCE S615 V6.3 and earlier, and SCALANCE SC-600 V2.1 through V2.1.2. An attacker could send malformed SSH requests to crash the SSH service on affected devices.

What this means

What could happen

An attacker could crash the SSH service on these network switches, causing the devices to become temporarily unresponsive and disrupting network connectivity to critical systems at your facility.

Who's at risk

Operators of industrial network switches at water utilities and electric utilities that use Siemens RUGGEDCOM RM1224, SCALANCE M-800, SCALANCE S615, or SCALANCE SC-600 switches. These devices are critical for network connectivity between control systems, PLCs, and HMIs.

How it could be exploited

An attacker on the network sends specially crafted SSH authentication requests to the device. The malformed requests cause the SSH service to fail, making the switch unresponsive until it is manually restarted. The attacker does not need valid credentials or authentication.

Prerequisites

Network access to the SSH port (default port 22) on the affected device
No authentication required

remotely exploitableno authentication requiredlow complexityaffects network connectivityhigh CVSS score (8.6)

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

RUGGEDCOM RM1224V6.36.4

SCALANCE M-800V6.36.4

SCALANCE S615V6.36.4

SCALANCE SC-600All Versions ≥ V2.1 and < V2.1.32.1.3

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDRestrict SSH access to these devices to authorized engineering networks using firewall rules or access control lists

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

RUGGEDCOM RM1224

HOTFIXUpdate RUGGEDCOM RM1224 to firmware version 6.4 or later

SCALANCE M-800

HOTFIXUpdate SCALANCE M-800 to firmware version 6.4 or later

SCALANCE S615

HOTFIXUpdate SCALANCE S615 to firmware version 6.4 or later

SCALANCE SC-600

HOTFIXUpdate SCALANCE SC-600 to firmware version 2.1.3 or later

CVEs (1)

CVE-2021-25676

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0e1542b5-8e6f-4409-a327-3dcac27f2e5e