OTPulse

Cross-Site Scripting Vulnerability in SCALANCE X-200 and X-200IRT Families

Act Now · CVSS 9.6 · SSA-501891 · Oct 11, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required

Summary

A cross-site scripting (XSS) vulnerability exists in the web-based management interface of SCALANCE X-series industrial switches. An attacker can inject malicious scripts into the web interface that execute in the context of an authenticated administrator's browser session. This could allow theft of session cookies and hijacking of management sessions.

What this means
What could happen
An attacker with network access to the switch web interface could steal an administrator's session credentials and gain unauthorized remote access to switch management functions, potentially allowing reconfiguration or shutdown of network connectivity in your facility.
Who's at risk
Network managers and control system operators at water utilities and power plants using SCALANCE X-series industrial managed switches (X200, X201, X202, X204, X206, X208, X212, X216, X224 families and XF variants) for industrial automation and process network connectivity.
How it could be exploited
An attacker with network access to port 80/443 of a vulnerable SCALANCE switch crafts a malicious URL containing an XSS payload and tricks an administrator into clicking it. When the administrator opens the link, the injected script executes in their browser, allowing the attacker to steal the session cookie and impersonate the administrator without needing to know the password.
Prerequisites
  • Network access to HTTP/HTTPS port of the switch (typically port 80 or 443)
  • An administrator must visit a malicious link or access a compromised page while logged into the switch
  • The switch must be running an affected firmware version
remotely exploitable · user interaction required · no authentication required for initial XSS injection · affects network access control and management plane
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (30)
30 with fix
Product                      Affected Versions   Fix Status
SCALANCE X200-4P IRT         < V5.5.0            5.5.0
SCALANCE X201-3P IRT         < V5.5.0            5.5.0
SCALANCE X201-3P IRT PRO     < V5.5.0            5.5.0
SCALANCE X202-2IRT           < V5.5.0            5.5.0
SCALANCE X202-2P IRT         < V5.5.0            5.5.0

Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to switch web management interfaces (ports 80/443) to authorized administrator workstations only, using firewall rules or network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SCALANCE X202-2P IRT
HOTFIX: Update SCALANCE X200/X201/X202/X204IRT/XF204-2BA IRT/XF204IRT and SIPLUS NET SCALANCE X202-2P IRT switches to firmware version 5.5.0 or later
All products
HOTFIX: Update SCALANCE X204/X206/X208/X212/X216/X224 and XF204/XF206/XF208 switches to firmware version 5.2.5 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate switch management access from untrusted network segments
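
To decide which switches need the maintenance window, the two fixed versions above can be checked against an asset inventory. The following is an added example, not code from OTPulse or Siemens: the inventory layout, hostnames, firmware strings and function names are assumptions, and the family matching is a reading of the two HOTFIX lines, not the full 30-product list.

```python
import re

# Fixed firmware versions taken from the advisory's remediation section.
FIX_IRT = (5, 5, 0)      # X200/X201/X202/X204IRT/XF204-2BA IRT/XF204IRT
FIX_NON_IRT = (5, 2, 5)  # X204/X206/X208/X212/X216/X224, XF204/XF206/XF208
NON_IRT_BASES = set("X204 X206 X208 X212 X216 X224 XF204 XF206 XF208".split())

def parse_version(text):
    """Turn 'V5.4.1', '5.2' or 'V05.02.05' into a comparable tuple."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def required_fix(model):
    """Fixed version for a model name, or None if the advisory does not list it.
    Assumption: the family is derived from the name as grouped in the HOTFIX lines."""
    name = model.upper()
    m = re.search(r"\b(XF?\d{3})", name)
    base = m.group(1) if m else ""
    if base in {"X200", "X201", "X202"} or (base in {"X204", "XF204"} and "IRT" in name):
        return FIX_IRT
    return FIX_NON_IRT if base in NON_IRT_BASES else None

def audit(inventory):
    """Classify each (host, model, firmware) row; unknowns are never 'fixed'."""
    results = {}
    for host, model, firmware in inventory:
        fix = required_fix(model)
        if fix is None:
            results[host] = "not-listed"
            continue
        try:
            results[host] = "vulnerable" if parse_version(firmware) < fix else "fixed"
        except ValueError:
            results[host] = "unknown-version"
    return results

# Constructed sample inventory (hostnames and firmware strings are made up).
SAMPLE = [
    ("sw-pump-01", "SCALANCE X202-2P IRT", "V5.4.1"),
    ("sw-pump-02", "SCALANCE X204IRT", "V5.5.0"),
    ("sw-ctrl-01", "SCALANCE X208", "V5.2.4"),
    ("sw-ctrl-02", "SCALANCE X216", "n/a"),
    ("sw-core-01", "SCALANCE X308-2", "V4.1.3"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as "unknown-version" or "not-listed" need manual review against SSA-501891 rather than being treated as safe.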