OTPulse

Cross-Site Scripting Vulnerabilities in SCALANCE X Switches

Monitor | CVSS 5.8 | SSA-480829 | Jun 12, 2018
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: Required
Summary

Two cross-site scripting (XSS) vulnerabilities exist in the web server of SCALANCE X switches. An attacker can inject malicious scripts that execute in the browser of an operator accessing the switch management interface. This could allow theft of session credentials or modification of switch configurations. Affected models include SCALANCE X-200IRT, X-200RNA, X-300 (including X-408), and X-200 families in versions prior to the patch releases listed.

What this means
What could happen
An attacker could inject malicious scripts into the web interface of SCALANCE X switches, potentially compromising the credentials or session of an operator who accesses the management interface, leading to unauthorized control of network switching and segmentation.
Who's at risk
Network administrators and operators of water utilities, electric utilities, and other critical infrastructure that rely on SCALANCE X industrial Ethernet switches for plant network segmentation and device communication. This specifically affects operators who access the web management interface of switches in the X-200, X-200IRT, X-200RNA, and X-300 families (including SIPLUS NET ruggedized variants).
How it could be exploited
An attacker crafts a malicious URL or lures an operator into clicking a link containing an XSS payload. When the operator accesses the switch's web interface through that link, the injected script executes in their browser, stealing session cookies or credentials, which the attacker can then use to reconfigure the switch remotely.
Prerequisites
  • Network access to the switch web management interface (typically port 80/443)
  • Operator must click a malicious link or visit an attacker-controlled page
  • Operator must be logged into or have an active session with the switch
  • Remotely exploitable
  • Requires user interaction (operator must click malicious link)
  • Low complexity attack
  • Default credentials risk if interface not properly secured
  • Affects network infrastructure critical to process operations
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (4), 4 with fix
Product | Affected Versions | Fix Status
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) | < V5.4.1 | 5.4.1
SCALANCE X-200RNA switch family | < V3.2.7 | 3.2.7
SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) | < V4.1.3 | 4.1.3
SCALANCE X-200 switch family (incl. SIPLUS NET variants) | < V5.2.3 | 5.2.3
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to switch web management interfaces using firewall rules; allow only from authorized engineering workstations or management subnets
  • WORKAROUND: Disable web management interface if not actively needed; use alternative management methods (SSH, SNMP over secure channels)
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SCALANCE X-200RNA switch family
  • HOTFIX: Update SCALANCE X-200RNA switch family to firmware version 3.2.7 or later
All products
  • HOTFIX: Update SCALANCE X-200IRT switch family to firmware version 5.4.1 or later
  • HOTFIX: Update SCALANCE X-300 switch family (including X-408) to firmware version 4.1.3 or later
  • HOTFIX: Update SCALANCE X-200 switch family to firmware version 5.2.3 or later
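
To find which switches still need the firmware updates above, an asset inventory can be compared against the fixed versions in the affected-products table. The following is an added example, not code from OTPulse or the vendor; the inventory layout, family keys, host names and function names are assumptions. It compares versions numerically, because a plain string comparison would rank a two-digit component such as 5.10.0 below 5.4.1.

```python
import re

# Fixed firmware versions, taken from the affected-products table on this page.
FIXED = {
    "X-200IRT": (5, 4, 1),
    "X-200RNA": (3, 2, 7),
    "X-300": (4, 1, 3),  # includes X408
    "X-200": (5, 2, 3),
}

def parse_version(text):
    """Return a tuple of ints from strings such as 'V5.4.1' or 'v05.02.03', else None."""
    m = re.fullmatch(r"\s*[Vv]?\s*(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def classify(family, firmware):
    """Classify one switch as 'vulnerable', 'fixed' or 'unknown'."""
    fixed = FIXED.get(family)
    current = parse_version(firmware)
    if fixed is None or current is None:
        return "unknown"  # needs manual review, never assumed safe
    # Pad to equal length so 'V5.4' compares as 5.4.0.
    width = max(len(fixed), len(current))
    pad = lambda v: v + (0,) * (width - len(v))
    return "vulnerable" if pad(current) < pad(fixed) else "fixed"

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(family, fw) for host, family, fw in inventory}

# Constructed sample inventory: (host, family key, firmware string as reported).
SAMPLE = [
    ("sw-pump-01", "X-200IRT", "V5.3.0"),
    ("sw-pump-02", "X-200IRT", "V5.10.0"),  # numerically newer than 5.4.1
    ("sw-ring-01", "X-200RNA", "v03.02.07"),
    ("sw-core-01", "X-300", "4.1"),
    ("sw-lab-01", "X-200", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown have an unrecognised family or an unparseable version string and should be checked by hand.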