Multiple OpenSSL and OpenSSH Vulnerabilities in SCALANCE X-200RNA Switch Devices before V3.2.7
Act Now9.8SSA-412672Dec 13, 2022
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
SCALANCE X-200RNA switch devices before V3.2.7 contain multiple OpenSSL and OpenSSH vulnerabilities that could allow denial of service or arbitrary code execution. Affected variants include HSR and PRP models with standard and EEC configurations.
What this means
What could happen
An attacker with network access to the switch could run arbitrary code on the device, potentially disrupting network connectivity across your control system or gaining persistent access to a critical network node.
Who's at risk
Water utilities and municipalities using SCALANCE X-200RNA managed switches in their control networks should prioritize this. These switches are commonly deployed in industrial Ethernet networks for process control, SCADA, and safety systems. All HSR (High-availability Seamless Redundancy) and PRP (Parallel Redundancy Protocol) variants are affected.
How it could be exploited
An attacker sends a specially crafted network request to the switch's OpenSSL or OpenSSH service without needing credentials. The vulnerability allows code execution on the switch, enabling the attacker to modify routing tables, capture traffic, or disable the device entirely.
Prerequisites
- Network connectivity to the SCALANCE X-200RNA switch on its management or SSH port (typically port 22 for SSH, port 443 for web management)
- No credentials required for exploitation of the OpenSSL vulnerability
remotely exploitableno authentication requiredlow complexityhigh EPSS score (93.9%)affects network infrastructure
Exploitability
High exploit probability (EPSS 93.9%)
Affected products (5)
5 with fix
ProductAffected VersionsFix Status
SCALANCE X204RNA (HSR)< V3.2.73.2.7
SCALANCE X204RNA (PRP)< V3.2.73.2.7
SCALANCE X204RNA EEC (HSR)< V3.2.73.2.7
SCALANCE X204RNA EEC (PRP)< V3.2.73.2.7
SCALANCE X204RNA EEC (PRP/HSR)< V3.2.73.2.7
Remediation & Mitigation
0/3
Do now
0/2HARDENINGRestrict network access to the switch's management port (SSH, web UI) to authorized engineering workstations and management networks only, using firewall rules or network segmentation
WORKAROUNDDisable SSH or web management access on untrusted network segments if not actively used for remote management
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate SCALANCE X-200RNA switches to firmware version 3.2.7 or later
CVEs (83)
CVE-2003-0190CVE-2003-1562CVE-2014-8176CVE-2015-0207CVE-2015-0208CVE-2015-0209CVE-2015-0285CVE-2015-0286CVE-2015-0287CVE-2015-0288CVE-2015-0289CVE-2015-0290CVE-2015-0291CVE-2015-0292CVE-2015-0293CVE-2015-1787CVE-2015-1788CVE-2015-1789CVE-2015-1790CVE-2015-1791CVE-2015-1792CVE-2015-1794CVE-2015-3193CVE-2015-3194CVE-2015-3195CVE-2015-3196CVE-2015-3197CVE-2015-4000CVE-2015-5352CVE-2015-5600CVE-2015-6563CVE-2015-6564CVE-2015-6565CVE-2015-8325CVE-2016-0701CVE-2016-0702CVE-2016-0703CVE-2016-0704CVE-2016-0705CVE-2016-0777CVE-2016-0778CVE-2016-0797CVE-2016-0798CVE-2016-0799CVE-2016-0800CVE-2016-1907CVE-2016-1908CVE-2016-2105CVE-2016-2106CVE-2016-2107CVE-2016-2108CVE-2016-2109CVE-2016-2176CVE-2016-2177CVE-2016-2178CVE-2016-2179CVE-2016-2180CVE-2016-2181CVE-2016-2182CVE-2016-2183CVE-2016-6210CVE-2016-6302CVE-2016-6303CVE-2016-6304CVE-2016-6305CVE-2016-6306CVE-2016-6307CVE-2016-6308CVE-2016-6515CVE-2016-8858CVE-2016-10009CVE-2016-10010CVE-2016-10011CVE-2016-10012CVE-2017-3735CVE-2017-15906CVE-2018-15473CVE-2018-20685CVE-2019-1552CVE-2019-6109CVE-2019-6110CVE-2019-6111CVE-2019-16905
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/1cac71d4-0e57-47bb-bd97-3133bf110661