Weak Encryption Vulnerability in SCALANCE X-200IRT Devices
Monitor | 6.7 | SSA-479249 | Apr 11, 2023
Attack Vector: Adjacent
Auth Required: None
Complexity: High
User Interaction: Required
Summary
The SSH server on SCALANCE X-200IRT industrial Ethernet switches is configured to offer weak ciphers by default. An attacker positioned on the network path between an administrator and the affected device could decrypt and modify SSH traffic, allowing them to read credentials or inject unauthorized commands to alter switch configuration or access control network segments.
What this means
What could happen
An attacker positioned between your network and the SCALANCE switch could decrypt and modify SSH traffic, potentially intercepting engineering commands or credentials sent to the device. This could lead to unauthorized configuration changes or access to control network segments.
Who's at risk
Network switches in the SCALANCE X-200IRT family (including X200, X201, X202, X204, XF200, and XF204 series) used for industrial Ethernet in manufacturing plants, water treatment facilities, and power distribution networks. Any operator using SSH to access or configure these devices is affected.
How it could be exploited
An attacker must be on the same network segment or positioned on the path between an administrator's workstation and the SCALANCE device (man-in-the-middle position). The attacker would exploit weak SSH ciphers to decrypt the encrypted session, then read or inject commands into the SSH stream.
Prerequisites
- Network access to the SSH service (port 22) on the SCALANCE device
- Attacker positioned on the data path between the administrator workstation and the device (same network segment or compromised intermediate device)
- Use of the weak cipher algorithms offered by the device's SSH server
- weak encryption enabled by default
- requires network access on same segment
- man-in-the-middle position required
- low EPSS score (0.1%)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (13)
13 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SCALANCE X200-4P IRT | < V5.5.2 | 5.5.2 |
| SCALANCE X201-3P IRT | < V5.5.2 | 5.5.2 |
| SCALANCE X201-3P IRT PRO | < V5.5.2 | 5.5.2 |
| SCALANCE X202-2IRT | < V5.5.2 | 5.5.2 |
| SCALANCE X202-2P IRT | < V5.5.2 | 5.5.2 |
| SCALANCE X202-2P IRT PRO | < V5.5.2 | 5.5.2 |
| SCALANCE X204IRT | < V5.5.2 | 5.5.2 |
| SCALANCE X204IRT PRO | < V5.5.2 | 5.5.2 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update SCALANCE X-200IRT devices to firmware version 5.5.2 or later
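An SSH server lists the ciphers it offers in its SSH_MSG_KEXINIT message, so an audit can parse that message and flag weak entries. The following is an added example, not part of the advisory or any vendor code: the weak-cipher policy is an assumption (the advisory does not name the ciphers), and both sample payloads are constructed and do not reflect what any device actually offers.

```python
import struct

# Assumption: the advisory does not name the ciphers, so this policy flags
# families widely treated as weak (CBC modes, 3DES, RC4/arcfour, "none").
WEAK_MARKERS = ("-cbc", "3des", "arcfour", "none")

FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def name_list(names):
    """Encode an RFC 4251 name-list (used to build the constructed samples)."""
    raw = ",".join(names).encode("ascii")
    return struct.pack(">I", len(raw)) + raw

def parse_kexinit(payload):
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) into a dict."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}                      # skip message type + 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list body")
        text = payload[pos:pos + n].decode("ascii")
        out[field] = text.split(",") if text else []
        pos += n
    return out

def weak_ciphers(kexinit):
    """Return offered encryption algorithms (both directions) matching the policy."""
    offered = set(kexinit["enc_c2s"]) | set(kexinit["enc_s2c"])
    return sorted(c for c in offered if any(m in c for m in WEAK_MARKERS))

def build_sample(ciphers):
    """Constructed KEXINIT payload; not captured from a real device."""
    lists = [["diffie-hellman-group14-sha256"], ["ssh-rsa"], ciphers, ciphers,
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = b"".join(name_list(l) for l in lists)
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)

SAMPLE_WEAK = build_sample(["aes128-ctr", "aes128-cbc", "3des-cbc", "arcfour"])
SAMPLE_CLEAN = build_sample(["aes128-ctr", "aes256-ctr"])

if __name__ == "__main__":
    for label, payload in (("weak", SAMPLE_WEAK), ("clean", SAMPLE_CLEAN)):
        print(label, weak_ciphers(parse_kexinit(payload)))
```

On a live audit, the payload is the body of the first binary packet the server sends after the version banner exchange, with the packet length, padding length and padding stripped.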
CVEs (1)