OTPulse

Denial of Service Vulnerability in the SNMP Agent of SCALANCE X-200IRT Products

Act Now | 7.5 | SSA-617755 | Feb 14, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The SNMP agent in Siemens SCALANCE X-200IRT industrial Ethernet switches contains an input validation flaw (CWE-20) that allows remote, unauthenticated attackers to cause a denial of service by sending malformed SNMP packets. The vulnerability affects all X-200IRT and XF-200IRT models as well as SIPLUS NET SCALANCE X202-2P IRT with firmware versions below V5.5.0. Siemens has released firmware V5.5.0 as a fix for all affected products.

What this means
What could happen
An attacker can send crafted SNMP queries to these network switches, causing them to stop responding. If these switches carry time-synchronization or control traffic for your water/electric systems, loss of connectivity could disrupt SCADA communications and process control.
Who's at risk
Network operations teams managing water distribution systems, electric utilities, and manufacturing plants that use Siemens SCALANCE X-200IRT industrial Ethernet switches for SCADA or process control network connectivity. These switches are commonly used to segregate and protect control networks in water treatment, electrical distribution, and industrial automation environments.
How it could be exploited
An attacker with network access to the SNMP port (typically UDP 161) on a SCALANCE X-200IRT switch can send a malformed SNMP message that crashes or hangs the switch's SNMP agent, rendering the device unresponsive to network queries and potentially disrupting any control systems that depend on the switch.
Prerequisites
  • Network access to UDP port 161 (SNMP) on the switch
  • No authentication required (SNMP community strings not needed for this flaw)
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • High EPSS score (15.4%)
  • Affects network infrastructure critical to plant operations
  • SNMP agent vulnerable in standard configuration
Exploitability
High exploit probability (EPSS 15.4%)
Affected products (13)
13 with fix
Product                        Affected Versions   Fix Status
SCALANCE X200-4P IRT           < V5.5.0            5.5.0
SCALANCE X201-3P IRT           < V5.5.0            5.5.0
SCALANCE X201-3P IRT PRO       < V5.5.0            5.5.0
SCALANCE X202-2IRT             < V5.5.0            5.5.0
SCALANCE X202-2P IRT           < V5.5.0            5.5.0
SCALANCE X202-2P IRT PRO       < V5.5.0            5.5.0
SCALANCE X204IRT               < V5.5.0            5.5.0
SCALANCE X204IRT PRO           < V5.5.0            5.5.0
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update all affected SCALANCE X-200IRT switches to firmware version V5.5.0 or later
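
One way to triage an asset inventory against this advisory before scheduling the update, as an added example (not code from Siemens or OTPulse). It assumes an inventory export of (host, model, firmware) rows and a model-name regex for the X-200IRT/XF-200IRT family; the hostnames and firmware values in the sample are constructed.

```python
import re

# Family named in the advisory summary: X-200IRT / XF-200IRT models and
# SIPLUS NET SCALANCE X202-2P IRT. The regex is an assumption about how
# those model names appear in an inventory export.
AFFECTED_MODEL = re.compile(r"^(SIPLUS NET )?SCALANCE XF?2\d\d\S* ?IRT( PRO)?$", re.I)
FIXED = (5, 5, 0)  # fix version stated in the advisory


def parse_version(text):
    """Return (major, minor, patch) or None when the string is not parseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+)\.(\d+)(?:\.(\d+))?\s*", text or "")
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def triage(inventory):
    """Classify each (host, model, firmware) row against the advisory."""
    results = {}
    for host, model, firmware in inventory:
        if not AFFECTED_MODEL.match(model.strip()):
            results[host] = "not-in-scope"
            continue
        version = parse_version(firmware)
        if version is None:
            results[host] = "unknown-version"  # read the version off the device
        elif version < FIXED:  # numeric compare, so 5.10.1 is newer than 5.5.0
            results[host] = "vulnerable"
        else:
            results[host] = "fixed"
    return results


# Constructed sample inventory (hostnames and firmware values are made up).
SAMPLE = [
    ("sw-pump-01", "SCALANCE X204IRT", "V5.4.2"),
    ("sw-pump-02", "SCALANCE X202-2P IRT PRO", "V5.5.0"),
    ("sw-sub-07", "SIPLUS NET SCALANCE X202-2P IRT", "5.10.1"),
    ("sw-sub-08", "SCALANCE X200-4P IRT", ""),
    ("sw-office-03", "SCALANCE XC208", "V4.1"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:14} {status}")
```

Rows reported as unknown-version should be treated as vulnerable until the firmware is confirmed on the device.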