Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1

Act Now7.5SSA-879734Jun 11, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities (CWE-326, CWE-415, CWE-416, CWE-20, CWE-295) in Siemens SCALANCE XM400 and XR500 series managed industrial switches. The vulnerabilities include weak cryptographic practices, use-after-free and buffer overflow conditions, improper input validation, and insufficient certificate validation. These flaws can be exploited remotely without authentication to cause denial of service through device crash or reboot.

What this means

What could happen

An attacker could cause a denial of service (device unavailability or reboot) on your SCALANCE managed industrial switches, disrupting network connectivity to connected PLCs, I/O devices, and critical process equipment across your facility.

Who's at risk

Water utilities and electric utilities operating Siemens SCALANCE XM and XR managed industrial switches (core network devices in substations, water treatment plants, and distribution automation systems) running firmware versions earlier than 6.6.1.

How it could be exploited

An attacker with network access to the switch could send specially crafted packets to trigger memory safety or cryptographic validation flaws, causing the device to crash or stop forwarding traffic.

Prerequisites

Network access to the SCALANCE switch management interface or data ports
No authentication required (CVSS vector PR:N)

remotely exploitableno authentication requiredlow complexityhigh EPSS score (88.5%)affects network availabilitymemory safety issues (CWE-415, CWE-416)

Exploitability

High exploit probability (EPSS 88.5%)

Affected products (25)

25 with fix

ProductAffected VersionsFix Status

SCALANCE XM408-4C<V6.6.16.6.1

SCALANCE XM408-4C (L3 int.)<V6.6.16.6.1

SCALANCE XM408-8C<V6.6.16.6.1

SCALANCE XM408-8C (L3 int.)<V6.6.16.6.1

SCALANCE XM416-4C<V6.6.16.6.1

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all affected SCALANCE XM and XR switches to firmware version 6.6.1 or later

CVEs (8)

CVE-2022-2097 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e0f803e1-ffd8-4336-adf4-0f42ffe48d13