SCALANCE S602, SCALANCE S612, SCALANCE S623, SCALANCE S627-2M Security Vulnerabilities

Siemens SCALANCE and RUGGEDCOM Devices Stack-Based Buffer Overflow (CVE-2021-25667)

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All vers...

Siemens SCALANCE XM-400 and XR-500 Devices Incorrect Calculation (CVE-2020-28393)

An unauthenticated remote attacker could create a permanent denial-of- service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4). This plugin only works with...

Siemens SCALANCE S-600 Improper Neutralization of Script-Related HTML Tags in a Web Page (CVE-2019-6585)

A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web serv...

Siemens SCALANCE and RUGGEDCOM Devices SSH Improper Restriction of Excessive Authentication Attempts (CVE-2021-25676)

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, t...

Siemens SCALANCE S-600 Uncontrolled Resource Consumption (CVE-2019-13925)

A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to por...

Siemens SCALANCE S-600 Uncontrolled Resource Consumption (CVE-2019-13926)

A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to por...

Siemens SCALANCE X-200RNA Switch Devices Path Traversal (CVE-2019-6111)

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are...

Siemens SCALANCE Third-Party

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Unbreakable Enterprise kernel security update

[5.4.17-2136.317.5.3] - udf: Fix file corruption when appending just after end of preallocated extent (Jan Kara) [Orabug: 35192150] - selftests/ftrace: Fix bash specific '==' operator (Masami Hiramatsu (Google)) [Orabug: 35192150] - net: Fix unwanted sign extension in netdev_stats_to_stats64()...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.317.5.3] - udf: Fix file corruption when appending just after end of preallocated extent (Jan Kara) [Orabug: 35192150] - selftests/ftrace: Fix bash specific '==' operator (Masami Hiramatsu (Google)) [Orabug: 35192150] - net: Fix unwanted sign extension in netdev_stats_to_stats64()...

Siemens TCP Event Service of SCALANCE And RUGGEDCOM Devices Improper Input Validation (CVE-2022-31766)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL- Router (Annex B...

Siemens SCALANCE W1750D Command Injection (CVE-2018-7084)

A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete...

KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks

In the last year, geopolitical tension has led to an uptick of reported cybercrime events fueled by hacktivist groups. The US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn organizations about these attacks and teamed with the FBI on a distributed...

KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks

In the last year, geopolitical tension has led to an uptick of reported cybercrime events fueled by hacktivist groups. The US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn organizations about these attacks and teamed with the FBI on a distributed...

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.523.4.1] - mm: kvmalloc does not fallback to vmalloc for incompatible gfp flags (Michal Hocko) [Orabug: 35164196] [4.14.35-2047.523.4] - rds: ib: Keep IB MRs on clean_list unless we are tearing down the pool (Hakon Bugge) [Orabug: 34987235] - rds: ib: Add FRWR related statistics...

Unbreakable Enterprise kernel security update

[4.14.35-2047.523.4.1] - mm: kvmalloc does not fallback to vmalloc for incompatible gfp flags (Michal Hocko) [Orabug: 35164196] [4.14.35-2047.523.4] - rds: ib: Keep IB MRs on clean_list unless we are tearing down the pool (Hakon Bugge) [Orabug: 34987235] - rds: ib: Add FRWR related statistics...

Siemens SCALANCE, RUGGEDCOM Third-Party

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens SCALANCE W1750D Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Unbreakable Enterprise kernel security update

[5.15.0-8.91.4.1] - uek-rpm: Add opbmc to core rpm (Somasundaram Krishnasamy) [Orabug: 35157130] [5.15.0-8.91.4] - selftests/vm: remove ARRAY_SIZE define from individual tests (Shuah Khan) [Orabug: 35088471] - selftests: Provide local define of __cpuid_count() (Reinette Chatre) [Orabug:...

BidenCash Market Leaks 2M Credit Cards in Birthday Blitz

By Waqas As analyzed by Hackread.com, the leaked details contain over 500,000 email addresses along with credit card numbers and CVV codes in plain text. This is a post from HackRead.com Read the original post: BidenCash Market Leaks 2M Credit Cards in Birthday...

Siemens SCALANCE X-200RNA Switch Devices Integer Overflow or Wraparound (CVE-2019-16905)

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing...

Siemens SCALANCE X-200RNA Switch Devices Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2018-15473)

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH through 7.7 is prone to a...

Siemens SCALANCE X-200RNA Switch Devices Inappropriate Encoding For Output Context (CVE-2019-6110)

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in- The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. In OpenSSH 7.9, due to accepting and...

Siemens SCALANCE X-200RNA Switch Devices Incorrect Authorization (CVE-2018-20685)

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. In OpenSSH 7.9, scp.c in the scp client allows remote SSH...

Siemens SCALANCE X-200RNA Switch Devices Improper Encoding or Escaping of Output (CVE-2019-6109)

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The- Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This....

Siemens SCALANCE X200 IRT

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

CISA Releases Fifteen Industrial Control Systems Advisories

CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...

Siemens SCALANCE X Products Missing Authentication For Critical Function (CVE-2020-15799)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the...

Siemens SCALANCE Privilege Escalation (CVE-2013-3633)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the we...

Siemens SCALANCE X-300 Switches Out-of-Bounds Read (CVE-2022-26380)

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...

Siemens SCALANCE X-300 Switches Improper Input Validation (CVE-2022-25751)

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...

Siemens SCALANCE X-300 Switches Use of Insufficiently Random Values (CVE-2022-25752)

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...

Siemens Scalance Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2012-1802)

Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute...

Siemens SCALANCE X Authentication Bypass (CVE-2019-13933)

A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V,...

Siemens SCALANCE X Products Heap-Based Buffer Overflow (CVE-2020-15800)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4...

Siemens Web Server of SCALANCE X200 Heap-Based Buffer Overflow (CVE-2021-25668)

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions &lt...

Siemens SCALANCE Privilege Escalation (CVE-2013-3634)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 d...

Siemens SCALANCE X Switches Improper Neutralization of Input During Web Page Generation (CVE-2018-4842)

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenti...

Siemens SCALANCE X Products Heap-Based Buffer Overflow (CVE-2020-25226)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buff...

Siemens SCALANCE X-300 Switches Buffer Copy Without Checking Size of Input (CVE-2022-26334)

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...

Siemens SCALANCE X-300 Switches Improper Access Control (CVE-2022-25755)

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...

Siemens in SCALANCE Products (CVE-2022-46143)

Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more....

Siemens in SCALANCE Products (CVE-2022-46142)

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens SCALANCE X Switches (CVE-2018-13807)

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web.....

Siemens SCALANCE X Switches Use of Hard-Coded Cryptographic Key (CVE-2020-28391)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique...

Siemens SCALANCE X-300 Switches Cross-Site Request Forgery (CVE-2022-25754)

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...

Siemens SCALANCE X Switches Improper Neutralization of Input During Web Page Generation (CVE-2018-4848)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch famil...

Siemens SCALANCE X-200 switches Insufficient Entropy Source (CVE-2013-5709)

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value. This plugin...

Siemens SCALANCE X-300 Switches Buffer Copy Without Checking Size of Input (CVE-2022-26335)

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...

Siemens in SCALANCE Products (CVE-2022-46140)

Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system. This plugin only works with Tenable.ot. Please visit...