Denial of Service Vulnerability in the TCP Event Service of SCALANCE and RUGGEDCOM Products
Plan Patch · CVSS 8.6 · SSA-697140 · Oct 11, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The TCP event service in SCALANCE and RUGGEDCOM products contains an input validation flaw (CWE-20) that allows an unauthenticated remote attacker to send malformed packets that crash the service, rendering the device unavailable. The vulnerability affects multiple SCALANCE router families (M-series, S615, WAM, WUM) and RUGGEDCOM RM1224 LTE cellular routers. The CVSS score of 8.6 indicates high severity: the availability impact spans multiple device families and requires neither authentication nor user interaction.
What this means
What could happen
An attacker can send specially crafted packets to the TCP event service on these routers, causing them to crash and stop operating. This disrupts network connectivity for your process control systems and remote monitoring.
Who's at risk
Water utilities and power distribution operators using Siemens SCALANCE and RUGGEDCOM routers for remote network connectivity and SCADA data transmission. Affects hardened routers used in field substations, pump stations, and remote terminal units (RTUs) that rely on these devices for out-of-band management and telemetry backhaul.
How it could be exploited
An attacker on the network sends malformed TCP packets to the event service port on the router. The vulnerable code fails to validate the packet structure, crashes the service, and renders the device unusable until reboot.
Prerequisites
- Network reachability to the TCP event service port on the router
- No authentication required
Remotely exploitable · No authentication required · Low complexity attack · High availability impact · Affects network infrastructure critical to process operations
Exploitability
Low exploit probability (EPSS 1.0%)
Affected products (26)
26 with fix
Product | Affected Versions | Fix Status
RUGGEDCOM RM1224 LTE(4G) EU | < V7.1.2 | 7.1.2
RUGGEDCOM RM1224 LTE(4G) NAM | < V7.1.2 | 7.1.2
SCALANCE M804PB | < V7.1.2 | 7.1.2
SCALANCE M812-1 ADSL-Router | < V7.1.2 | 7.1.2
SCALANCE M816-1 ADSL-Router | < V7.1.2 | 7.1.2
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the TCP event service port on affected routers using firewall rules; only permit traffic from trusted engineering and management stations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SCALANCE M876-4 (NAM)
HOTFIX: Update RUGGEDCOM RM1224 LTE(4G) (both EU and NAM variants) to firmware version 7.1.2 or later
SCALANCE WAM763-1
HOTFIX: Update SCALANCE WAM763-1, WAM766-1 (all variants), WUM763-1, and WUM766-1 wireless modules to firmware version 3.0.0 or later
All products
HOTFIX: Update SCALANCE M-series routers (M804PB, M812-1, M816-1, M826-2, M874-2, M874-3, M876-3, M876-4, MUM853-1, MUM856-1) to firmware version 7.1.2 or later
HOTFIX: Update SCALANCE S615 series LAN routers to firmware version 7.1.2 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate critical control systems from direct access to these routers' event service ports
CVEs (1)
API:
/api/v1/advisories/43c4084b-19e0-47ec-a11a-d86d6743a626