OTPulse

Multiple Vulnerabilities in SCALANCE XCM-/XRM-300 before V2.4

Act Now | 9.8 | SSA-806742 | Feb 13, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SCALANCE XCM-/XRM-300 series managed switches contain multiple critical vulnerabilities affecting authentication, encryption, input validation, and memory handling. These weaknesses could allow an attacker to gain unauthorized access, execute arbitrary code, bypass security controls, or cause denial of service, all without authentication or user interaction.

What this means
What could happen
An attacker could remotely take full control of your network switches, intercept communications between your PLC and engineering systems, or shut down network connectivity to critical water treatment or electrical infrastructure without any login credentials.
Who's at risk
Water treatment and municipal electric utilities operating Siemens SCALANCE XCM/XRM-300 series managed industrial network switches. This includes facilities using these switches for backbone connectivity between control systems, SCADA networks, and remote terminal units (RTUs). Small to mid-size utilities with these switches in their critical infrastructure are directly affected.
How it could be exploited
An attacker on your network (or reachable via the internet if the switch is internet-facing) can send specially crafted network packets to the SCALANCE switch to exploit memory corruption, authentication bypass, or weak encryption vulnerabilities. This allows remote code execution directly on the switch with the ability to modify configurations, intercept traffic, or isolate critical control systems.
Prerequisites
  • Network access to the SCALANCE switch on the management port or industrial network interface
  • No authentication or credentials required
  • Device must be running a firmware version earlier than V2.4
remotely exploitable · no authentication required · low complexity · actively exploited (KEV) · high EPSS score (68.2%) · affects network infrastructure connecting safety systems
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (11)
11 with fix
Product | Affected Versions | Fix Status
SCALANCE XCH328 | <V2.4 | 2.4
SCALANCE XCM324 | <V2.4 | 2.4
SCALANCE XCM328 | <V2.4 | 2.4
SCALANCE XCM332 | <V2.4 | 2.4
SCALANCE XRH334 (24 V DC, 8xFO, CC) | <V2.4 | 2.4
SCALANCE XRM334 (230 V AC, 12xFO) | <V2.4 | 2.4
SCALANCE XRM334 (230 V AC, 8xFO) | <V2.4 | 2.4
SCALANCE XRM334 (24 V DC, 12xFO) | <V2.4 | 2.4
Remediation & Mitigation
Do now
HOTFIX: Update all affected SCALANCE XCM and XRM switches to firmware version 2.4 or later
CVEs (160)