Scalance X300, Scalance X408, Scalance X414 Security Vulnerabilities

Siemens SCALANCE W1750D Devices Improper Input Validation (CVE-2023-0286)

A vulnerability exists in the OpenSSL that affects SCALANCE W1750D device. A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an...

Siemens SCALANCE and RUGGEDCOM M-800/S615 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens RUGGEDCOM and SCALANCE M-800/S615 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens SCALANCE M-800/S615 Series OS Command Injection Vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. An operating system command injection vulnerability exists in the Siemens SCALANCE M-800/S615 series, which can be exploited by an attacker to execute commands on the system via a malicious local administrator...

Siemens SCALANCE M-800/S615 Series OS Command Injection Vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. An operating system command injection vulnerability exists in the Siemens SCALANCE M-800/S615 series, which can be exploited by an attacker to execute commands on the...

CVE-2023-49692

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A)...

CVE-2023-49692

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A)...

CVE-2023-49691

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A)...

CVE-2023-49691

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A)...

Command injection

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A)...

Command injection

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A)...

CVE-2023-49692

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A)...

CVE-2023-49691

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A)...

Siemens SCALANCE Family Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens SCALANCE W700

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Weak Encryption Vulnerability in Multiple Siemens Products

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

Multiple Siemens products use hard-coded encryption key vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

Multiple Siemens Products Forced Browsing Vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

Multiple Siemens Products Use Trusted Data to Accept Unrelated Untrusted Data Vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

Unchecked Return Value Vulnerability in Multiple Siemens Products

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

Unsynchronized Access to Shared Data Vulnerability in Multiple Siemens Products in a Multi-Threaded Context

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

Multiple Siemens Products Input Validation Error Vulnerability (CNVD-2023-86591)

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

Uncontrolled Resource Consumption Vulnerability in Multiple Siemens Products

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

CVE-2023-44322

Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users....

CVE-2023-44373

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of...

CVE-2023-44374

Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her...

CVE-2023-44319

Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration...

CVE-2023-44318

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...

CVE-2023-44320

Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an...

CVE-2023-44317

Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the...

CVE-2023-44321

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available...

Siemens SCALANCE W1750D

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens SCALANCE X-200RNA Switch Devices Improper Neutralization of Script-Related HTML Tags in a Web Page (CVE-2022-46350)

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

Siemens SCALANCE X-200RNA Switch Devices Use of Insufficiently Random Values (CVE-2022-46353)

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-46355)

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

Siemens Unauthenticated Access to Critical Services in SCALANCE X-200 Switch Family (CVE-2013-5944)

The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface......

Siemens SCALANCE and RUGGEDCOM Products Missing Authorization (CVE-2022-31765)

Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens SIMATIC NET CP, SINEMA & SCALANCE Integer Overflow (CVE-2021-41990)

Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan. The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated...

Siemens SCALANCE X-200RNA Switch Devices Improper Access Control (CVE-2022-46354)

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

Siemens SCALANCE X-200RNA Switch Devices Uncontrolled Resource Consumption (CVE-2022-46351)

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

Siemens SCALANCE X-200RNA Switch Devices Uncontrolled Resource Consumption (CVE-2022-46352)

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

Siemens in SCALANCE Products (CVE-2022-46144)

A vulnerability has been identified in SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= 2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= 2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (A...

​Siemens SINAMICS Medium Voltage Products

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services.....

Siemens SIMATIC WinCC using obsolete function vulnerability

SIMATIC NET PC software is a separately sold software product that implements the SIMATIC NET communication products.SIMATIC PCS 7 is a centralized control system (DCS) that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Route control, OpenPCS 7 and other components.SIMATIC WinCC is a...

Siemens SCALANCE W1750D Uncontrolled Resource Consumption (CVE-2002-20001)

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular- exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and...

Siemens SCALANCE LPE9403 Improper Limitation of a Pathname to a Restricted Directory (CVE-2023-27409)

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the deviceinfo binary via the mac parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any.....

Siemens SCALANCE LPE9403 Heap-Based Buffer Overflow (CVE-2023-27410)

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the edgebox_web_app binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged...

Siemens SCALANCE W1750D Improper Input Validation (CVE-2022-47522)

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication....

Siemens SCALANCE LPE9403 Improper Neutralization of Special Elements Used in a Command (CVE-2023-27407)

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating syste...

Siemens SCALANCE LPE9403 Creation of Temporary File with Insecure Permissions (CVE-2023-27408)

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The i2c mutex file is created with the permissions bits of -rw-rw-rw-. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH...