Multiple Vulnerabilities in SCALANCE SC-600 Family before V3.1
Act Now · 9.1 · SSA-602936 · Feb 13, 2024
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
SCALANCE SC-600 Family switches (SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) contain multiple critical vulnerabilities including cryptographic weaknesses (CWE-349, CWE-328), code injection flaws (CWE-74, CWE-78), insecure deserialization (CWE-425), and resource exhaustion issues (CWE-400). These flaws could allow an attacker with administrative-level access to execute arbitrary code on the network infrastructure, disrupt communication to control devices, and potentially alter network behavior.
What this means
What could happen
An attacker with high privileges on your network could execute arbitrary code on SCALANCE SC-600 switches, potentially disrupting network connectivity between your control systems, RTUs, and SCADA servers. This could halt communication to critical infrastructure devices like PLCs, water pumps, or power distribution equipment.
Who's at risk
Water utilities, electric utilities, and any industrial facility running SIEMENS SCALANCE SC-600 industrial Ethernet switches (models SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) for network connectivity between control systems. These switches are commonly used as network backbone equipment in SCADA networks and process automation environments.
How it could be exploited
An attacker with administrative-level network access could exploit one or more of the seven vulnerabilities (involving cryptographic weaknesses, code injection, resource exhaustion, and insecure deserialization) to gain remote code execution on the SC-600 switch. The attacker would then be able to manipulate network traffic, inject malicious commands, or cause the switch to become unstable or reboot.
Prerequisites
- Administrative credentials for the SCALANCE SC-600 device or privileged access context on the management network
- Network reachability to the management interface of the SC-600 switch
- Device running affected firmware versions (any version before V3.0.2 or V3.1, depending on product line)
- Remotely exploitable
- High complexity (requires administrative credentials)
- Critical CVSS score (9.1)
- Affects industrial network infrastructure (Ethernet switches)
- Multiple vulnerability types (cryptography, code injection, resource exhaustion)
- Firmware updates may require scheduled maintenance window
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (18)
18 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SCALANCE SC622-2C | <V3.0.2 | 3.0.2 |
| SCALANCE SC622-2C | <V3.1 | 3.1 |
| SCALANCE SC622-2C | All versions | V3.0.2 and V3.1 |
| SCALANCE SC626-2C | <V3.0.2 | 3.0.2 |
| SCALANCE SC626-2C | <V3.1 | 3.1 |
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the management interface of SCALANCE SC-600 switches to authorized engineering workstations and control system networks only, using firewall rules or access control lists
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SCALANCE SC622-2C
HOTFIX: Update SCALANCE SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, and SC646-2C devices to firmware version V3.0.2 or later (V3.1 preferred)
Long-term hardening
HARDENING: Segment SCALANCE SC-600 switches from general IT networks and untrusted networks to limit the blast radius if compromised
CVEs (8)
API:
/api/v1/advisories/8eb7c26f-5ce3-4ac1-8d75-993f065dbfbb