OTPulse

Multiple Vulnerabilities in Industrial Communication Devices based on SINEC OS before V3.2

Monitor · 6.5 · SSA-693776 · Jun 10, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Multiple authorization bypass vulnerabilities in Siemens industrial network switches based on SINEC OS before V3.2. These flaws allow an authenticated attacker with guest-level privileges to circumvent access controls and execute administrative actions beyond their role permissions. Affected devices include RUGGEDCOM RST2428P and various SCALANCE switch models (XCH, XCM, XRM, XRH). The vulnerabilities stem from improper access control checks (CWE-863) and possible race conditions (CWE-362).

What this means
What could happen
An attacker with low-level guest credentials could execute administrative actions on these industrial network switches, potentially reconfiguring network settings, access controls, or routing—disrupting communication between field devices and control systems.
Who's at risk
Manufacturing facilities using Siemens industrial network infrastructure, specifically those with RUGGEDCOM RST2428P switches or SCALANCE XCH/XCM/XRM/XRH managed switches in production automation, quality control, or plant-wide network backbone roles.
How it could be exploited
An attacker with valid guest-level credentials can authenticate to the device's management interface (web UI or SSH) and exploit authorization bypass flaws to access administrative functions. This allows execution of privileged commands without needing actual admin credentials.
Prerequisites
  • Valid guest-level user credentials
  • Network access to the device management interface (typically port 22 SSH or port 80/443 HTTP)
  • Authentication to the device is required
Remotely exploitable · Requires valid credentials · Low attack complexity · Affects network infrastructure availability and integrity
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (15)
15 with fix
Product | Affected Versions | Fix Status
RUGGEDCOM RST2428P (6GK6242-6PA00) | < 3.2 | 3.2
SCALANCE XCH328 | < 3.2 | 3.2
SCALANCE XCM324 | < 3.2 | 3.2
SCALANCE XCM328 | < 3.2 | 3.2
SCALANCE XCM332 | < 3.2 | 3.2
SCALANCE XRH334 (24 V DC, 8xFO, CC) | < 3.2 | 3.2
SCALANCE XRM334 (230 V AC, 12xFO) | < 3.2 | 3.2
SCALANCE XRM334 (230 V AC, 8xFO) | < 3.2 | 3.2
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update all affected RUGGEDCOM and SCALANCE devices to SINEC OS V3.2 or later
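
To plan the update, an asset inventory export can be checked against the affected model families and the fixed version. The Python below is an added example, not part of the advisory or any Siemens tooling; the CSV column names, hostnames, sample rows and the family-prefix matching are assumptions.

```python
import csv
import io
import re

# Model families named in the advisory; matching on the family prefix is an
# assumption, because the page lists only 8 of the 15 affected products.
AFFECTED_FAMILIES = ("RUGGEDCOM RST2428P", "SCALANCE XCH", "SCALANCE XCM",
                     "SCALANCE XRM", "SCALANCE XRH")
FIXED_VERSION = (3, 2)  # SINEC OS V3.2 per the advisory

# Constructed sample inventory (hypothetical hostnames and column names).
SAMPLE_INVENTORY = """hostname,model,firmware
sw-line1,SCALANCE XCM328,V3.1.2
sw-line2,SCALANCE XCH328,3.2
sw-core1,RUGGEDCOM RST2428P,V3.0
sw-core2,SCALANCE XRM334,
sw-office,SCALANCE XC208,V4.5
"""

def parse_version(text):
    """Return a tuple of ints from strings like 'V3.1.2', or None if unparseable."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(model, firmware):
    """Classify one device as 'not-listed', 'unknown', 'vulnerable' or 'fixed'."""
    name = " ".join(model.upper().split())
    if not name.startswith(AFFECTED_FAMILIES):
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # no usable version: verify on the device itself
    # Pad so that '3' is treated as '3.0'; longer versions compare as-is.
    padded = version + (0,) * (len(FIXED_VERSION) - len(version))
    return "vulnerable" if padded < FIXED_VERSION else "fixed"

def triage(csv_text):
    """Map hostname -> classification for every row in the inventory."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Devices reported as "unknown" have no parseable firmware string in the inventory and should be checked on the device before the maintenance window is scheduled.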