OTPulse

Incorrect Authorization Check Vulnerability in Industrial Communication Devices based on SINEC OS before V3.1

Monitor · CVSS 4.3 · SSA-633269 · Jun 10, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

An incorrect authorization check vulnerability exists in RUGGEDCOM RST2428P and SCALANCE XC/XR/XRH/XRM series industrial network devices running SINEC OS before version 3.1. The flaw allows an authenticated user with guest-level permissions to perform actions that should be restricted to higher-privilege roles, such as modifying network configurations or accessing restricted device settings. This could allow an attacker to alter network topology, disable redundancy, or gain access to sensitive device management functions.
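As an added illustration of the bug class this advisory describes (CWE-style incorrect authorization), and not SINEC OS, vendor or OTPulse code, the Python sketch below contrasts a check that only confirms the caller is logged in with one that also enforces each action's minimum role; the role names, action names and Session type are constructed for the example.

```python
# Illustrative model of an incorrect authorization check: an authenticated
# guest session is allowed to perform actions that should require admin.
# Roles, actions and the Session type are constructed for this example.
from dataclasses import dataclass

# Role ordering: a higher number means more privilege (constructed).
ROLE_LEVEL = {"guest": 0, "user": 1, "admin": 2}

# Minimum role required for each device-management action (constructed).
ACTION_MIN_ROLE = {
    "show_status": "guest",
    "show_config": "user",
    "set_network_config": "admin",
    "disable_redundancy": "admin",
    "create_account": "admin",
}

@dataclass(frozen=True)
class Session:
    username: str
    role: str
    authenticated: bool

def authorize_vulnerable(session: Session, action: str) -> bool:
    """Weak check: verifies only that the caller is logged in and that the
    action exists. A guest session therefore passes for admin-only actions."""
    if not session.authenticated:
        return False
    return action in ACTION_MIN_ROLE

def authorize_fixed(session: Session, action: str) -> bool:
    """Correct check: deny by default, then require the session's role to meet
    the action's minimum role. Unknown actions and unknown roles are denied."""
    if not session.authenticated:
        return False
    required = ACTION_MIN_ROLE.get(action)
    if required is None or session.role not in ROLE_LEVEL:
        return False
    return ROLE_LEVEL[session.role] >= ROLE_LEVEL[required]

def find_escalations(check) -> list:
    """Audit helper: return (role, action) pairs that `check` permits for an
    authenticated session even though the role is below the action's minimum.
    An empty list means the check matches the role table."""
    gaps = []
    for role in ROLE_LEVEL:
        for action, required in ACTION_MIN_ROLE.items():
            if check(Session("audit", role, True), action) and \
                    ROLE_LEVEL[role] < ROLE_LEVEL[required]:
                gaps.append((role, action))
    return gaps
```

Running `find_escalations` against each authorization function as a unit test is a cheap way to catch this class of regression before a firmware release.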

What this means
What could happen
An authenticated attacker with guest-level credentials could perform unauthorized actions on these network switches and routers that should be restricted to higher-privilege roles, potentially allowing them to modify network configurations or access restricted settings.
Who's at risk
Manufacturing facilities operating Siemens RUGGEDCOM and SCALANCE industrial network switches and routers (RST2428P, XC/XR/XRH/XRM series) that use SINEC OS. These devices typically connect PLCs, I/O devices, and control systems in automation networks.
How it could be exploited
An attacker with valid guest account credentials (or who can obtain them through default accounts) can send commands to the SINEC OS device to bypass the authorization check, allowing them to perform actions normally restricted to administrative users. This requires network access to the management interface of the affected industrial switch or router.
Prerequisites
  • Valid guest or user-level credentials for the device
  • Network access to the device management interface (typically port 80/443 or proprietary management ports)
  • Device running SINEC OS version before V3.1
  • Remotely exploitable
  • Requires authentication
  • Low complexity attack
  • Wide range of affected products
  • Affects network infrastructure that connects critical control devices
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (29)
29 with fix
Product                               Affected Versions   Fix Status
RUGGEDCOM RST2428P (6GK6242-6PA00)    < V3.1              3.1
SCALANCE XC316-8                      < V3.1              3.1
SCALANCE XC324-4                      < V3.1              3.1
SCALANCE XC324-4 EEC                  < V3.1              3.1
SCALANCE XC332                        < V3.1              3.1
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update all affected RUGGEDCOM and SCALANCE devices to SINEC OS version 3.1 or later
API: /api/v1/advisories/da99ffc0-d37a-4cf3-82e5-8aacd71070c6