Multiple Vulnerabilities in SCALANCE Products

Plan Patch7.6SSA-413565Dec 13, 2022

Attack VectorAdjacent

Auth RequiredHigh

ComplexityHigh

User InteractionNone needed

Summary

Multiple vulnerabilities in SCALANCE industrial switches, routers, and wireless devices allow code injection, debug information disclosure, and credential extraction. The issues stem from weak cryptographic implementation, insecure credential handling, and improper input validation across the SCALANCE product family. Vulnerabilities span SC-series managed switches, XB/XC/XF/XP/XR data switches, WAM/WUM/WAB/WUB wireless access points, M-series and RUGGEDCOM remote routers, and W-series wireless bridges. A subset of older W-series devices (W1748, W1788, W721-W788) will not receive patches and require compensating controls.

What this means

What could happen

An attacker with network access to these switches and routers could inject malicious code that executes with device privileges, extract sensitive debug information or stored passwords, or disable the command-line interface—disrupting network operations that critical infrastructure like water and power systems depend on.

Who's at risk

This impacts industrial network operators who rely on Siemens SCALANCE switches and routers for critical infrastructure control—water treatment facilities, electric utilities, and manufacturing plants that use these devices for OT network segmentation and remote site connectivity. Affected devices include managed industrial Ethernet switches (SC, XC, XB, XF, XP, XR series), wireless access points (WAM, WUM, WAB, WUB series), and wide-area routers (M-series, RUGGEDCOM) that typically sit between engineering workstations and PLCs, RTUs, or other control equipment.

How it could be exploited

An attacker on the same network segment as a vulnerable SCALANCE device could send specially crafted requests to exploit weak cryptography or input validation flaws, allowing code injection or debug data extraction. Some vulnerabilities may require administrator credentials, but the combination of issues across the product line creates a significant attack surface for network-based compromise.

Prerequisites

Network access to the vulnerable device on the same VLAN or routable segment
Some variants require administrative credentials to trigger the vulnerability
Device must be running an affected firmware version

Multiple vulnerabilities in single product familyWeak cryptography (CWE-327)Credential storage issues (CWE-257)Code injection possible (CWE-94)No patches available for W-series wireless devicesHigh CVSS score (7.6)Affects network-critical devices for ICS/OT operations

Exploitability

Low exploit probability (EPSS 0.7%)

Affected products (177)

149 with fix28 pending

ProductAffected VersionsFix Status

SCALANCE SC622-2C≥ V2.3, < V3.03.0

SCALANCE SC626-2C< V2.32.3

SCALANCE SC626-2C≥ V2.3, < V3.03.0

SCALANCE SC632-2C< V2.32.3

SCALANCE SC632-2C≥ V2.3, < V3.03.0

Remediation & Mitigation

0/7

Do now

0/1

WORKAROUNDRestrict network access to SCALANCE device management interfaces (SSH, HTTP/HTTPS, Telnet) using firewall rules and access control lists—allow only from authorized engineering workstations

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

SCALANCE SC622-2C

HOTFIXUpdate SCALANCE SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C to firmware V2.3 or later (or V3.0 for versions 2.3+)

SCALANCE WAB762-1

HOTFIXUpdate SCALANCE WAB762-1, WAM763-1, WAM766-1, WUB762-1, WUM763-1, WUM766-1 to firmware V3.0.0 or later (or V2.0.0 for older releases)

All products

HOTFIXUpdate RUGGEDCOM RM1224 LTE and SCALANCE M-series routers (M804PB, M812, M816, M826, M874, M876, MUM856, S615) to firmware V7.2 or later

HOTFIXUpdate SCALANCE XB, XC, XF, XP, XR switches to firmware V4.4 or later (V6.6 for XM and XR 5-series)

Long-term hardening

0/2

HARDENINGFor SCALANCE W-series access points with no patch available (W1748-1, W1788 variants, W721, W722, W734, W738, W748, W761, W774, W778, W786, W788), implement network segmentation to restrict access to administrative functions and isolate these devices from untrusted segments

HARDENINGReview and disable any unnecessary CLI or debug services exposed on SCALANCE devices if supported by firmware version

CVEs (5)

CVE-2022-34821 CVE-2022-46140 CVE-2022-46142 CVE-2022-46143 CVE-2022-46144

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/24591811-4efd-49f0-873a-85a125500e7e