Multiple Vulnerabilities in SCALANCE SC-600 Family before V3.0

Plan Patch7.8SSA-333517Dec 13, 2022

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Multiple vulnerabilities in third-party components (CWE-787 buffer overflow, CWE-416 use-after-free, CWE-770 resource exhaustion) affect the SCALANCE SC-600 family of managed switches. These flaws could allow an attacker with local access to cause denial of service, memory corruption, or potentially execute arbitrary code on the switch.

What this means

What could happen

An attacker with local access to a SCALANCE SC-600 switch could cause the device to stop operating, corrupt its memory, or run unauthorized commands, disrupting network connectivity in your facility.

Who's at risk

Water authorities, electric utilities, and other industrial facilities that use SCALANCE SC-600 family managed switches (SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) for plant network segmentation, process control communication, or safety system connectivity.

How it could be exploited

An attacker with local access (via USB, serial console, or web management interface) could trigger a buffer overflow, use-after-free, or resource exhaustion condition in third-party components embedded in the switch firmware. This could crash the switch, corrupt its configuration, or allow code execution that alters routing, VLANs, or network filtering rules.

Prerequisites

Local access to the switch (physical console, USB, or management interface)
User interaction (some variants may require triggering through a UI action or malformed input)
No elevated credentials required

Local access required (reduces but does not eliminate risk)Low complexity to exploitNo authentication required for some attack pathsAffects network infrastructure (if compromised, can disrupt all connected control systems)

Exploitability

Moderate exploit probability (EPSS 4.5%)

Affected products (6)

6 with fix

ProductAffected VersionsFix Status

SCALANCE SC622-2C< V3.03.0

SCALANCE SC626-2C< V3.03.0

SCALANCE SC632-2C< V3.03.0

SCALANCE SC636-2C< V3.03.0

SCALANCE SC642-2C< V3.03.0

SCALANCE SC646-2C< V3.03.0

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGRestrict physical and network management access to the switches using firewall rules, access control lists, and physical security (lock console ports or disable USB)

HARDENINGDisable unnecessary management interfaces (web UI, Telnet) on switches that do not require remote administration

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all SCALANCE SC-600 family switches to firmware version V3.0 or later

CVEs (4)

CVE-2018-25032 CVE-2022-30065 CVE-2022-32205 CVE-2022-32206

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/17a6c720-1459-4180-b896-444464f3d6d4