SCALANCE X300, SCALANCE X408, SCALANCE X414 Security Vulnerabilities

Siemens SCALANCE W734-1 Unmanaged Ethernet Switch

A Siemens SCALANCE W734-1 Unmanaged Ethernet Switch is used to allow cost-effective solutions for setting up small star or line topologies with switching functionality in machinery or plant components. It allows for quick commissioning without configuration and has an easy on-site diagnostics via.....

Siemens SCALANCE W774-1 Unmanaged Ethernet Switch

A Siemens SCALANCE W774-1 Unmanaged Ethernet Switch is used to allow cost-effective solutions for setting up small star or line topologies with switching functionality in machinery or plant components. It allows for quick commissioning without configuration and has an easy on-site diagnostics via.....

Siemens SCALANCE S623 Security module

A Siemens SCALANCE S623 Security module is used for protection of units and networks in automation technology and for protection of industrial communication via VPN and Firewall; additional DMZ port for connecting an additional...

Siemens SCALANCE XR552-12M Managed IE Switch

A Siemens XR552-12M Managed IE Switch features include an 19" rack; 4x 1000/10000 Mbit/s SFP+; 12x 100/1000 Mbit/s 4-port media modules, electrical, electrical PoE or optical; LED diagnostics; error signaling contact; Select/set pushbutton, PROFINET IO device, network management, integrated...

Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update E)

EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available. Vendor: Siemens Equipment: SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products Vulnerabilities: Security Features 2. UPDATE INFORMATION This updated advisory is a follow-up...

CVE-2019-6567

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4...

CVE-2019-6567

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4...

Design/Logic Flaw

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4...

CVE-2019-6567

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4...

Siemens SCALANCE W1750D 6GK5750-2HX01-1AD0 Controller-based Direct Access Point

SCALANCE W1750D 6GK5750-2HX01-1AD0 is described by Siemens as WLAN access point, SCALANCE W1750D-2IA RJ45, 2 radios, controller operation without WLC, internal antennas, IEEE802.11ac wave2 AP, MU-MIMO, gross up to 800 Mbit/s (2.4 GHz) Gross up to 1.7 Gbit/s (5 GHz), 2 x RJ45, PoE, USB, Ceiling...

Siemens SCALANCE W1750D 6GK5750-2HX01-1AA0 Controller-based Direct Access Point

SCALANCE W1750D 6GK5750-2HX01-1AA0 is described by Siemens as WLAN ACCESS POINT, SCALANCE W1750D-2IA RJ45, 2 radios, Controller operation without WLC, internal antennas, IEEE802.11ac wave2 AP, MU-MIMO, Gross up to 800 Mbit/s (2.4 GHz) Gross up to 1.7 Gbit/s (5 GHz), 2x RJ45, PoE, USB, Ceiling...

Siemens SCALANCE W1750D 6GK5750-2HX01-1AB0 Controller-based Direct Access Point

SCALANCE W1750D 6GK5750-2HX01-1AB0 is described by Siemens as WLAN access point, SCALANCE W1750D-2IA RJ45, 2 radios, controller operation without WLC, internal antennas, IEEE802.11ac wave2 AP, MU-MIMO, gross up to 800 Mbit/s (2.4 GHz) Gross up to 1.7 Gbit/s (5 GHz), 2 x RJ45, PoE, USB, Ceiling...

Aruba Instant Web and Siemens SCALANCE W1750D Command Injection

The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream...

Aruba Instant Web and Siemens SCALANCE W1750D Information Exposure

If a process crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. The same is true for...

Aruba Instant Web and Siemens SCALANCE W1750D Cross-Site Scripting

A reflected cross-site scripting (XSS) vulnerability CWE-79 exists in the web interface of the affected devices that allows an attacker to trick an administrator into clicking a link which could then take administrative actions on the device or expose a session cookie for an administrative...

Aruba Instant Web and Siemens SCALANCE W1750D Command Injection

The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream...

Siemens SCALANCE W1750D Information Exposure

The security vulnerability CWE-200 could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the affected...

Siemens SCALANCE X-300 Family Switches HTTP Request Handling Remote DOS

Siemens SCALANCE X-300 family switches under firmware version 4.0 can allow remote attackers to cause a denial of service (reboot) via malformed HTTP...

Siemens SCALANCE X-300 Family Switches FTP Server Network Packet Handling Remote DOS

Siemens SCALANCE X-300 family switches under firmware version 4.0 can allow remote authenticated users to cause a denial of service (reboot) via crafted FTP...

Siemens SCALANCE W1750D

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Command Injection, Information Exposure, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

CVE-2018-7084

A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete...

CVE-2018-7064

A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session.....

CVE-2018-7082

A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would....

CVE-2018-7083

If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface......

Siemens XR324 Switch Detection

A XR324 Switch with model number 6GK5324-4GG00-3ER2 has been detected. It is described by Siemens as SCALANCE XR324-4M EEC; Managed IE switch, 19" rack; 16x 10/100/1000 Mbit/s for RJ45 ports electrical; 4x 100/1000 Mbit/s for 2-port media modules, electrical or optical; LED diagnostics; error...

Siemens X308 Switch Detection

A X308 Switch with model number 6GK5308-2FM10-2AA3 has been detected. It is described by Siemens as SCALANCE X308-2LD, managed plus IE switch, 2x 1000 Mbit/s SM SC, 1x 10/100/1000 Mbit/s, 7x 10/100 Mbit/s RJ45 ports, LED diagnostics, error signaling Contact with select/set button, PROFINET IO...

Siemens XB213 Switch Detection

A XB213 Switch with model number 6GK5213-3BF00-2AB2 has been detected. It is described by Siemens as SCALANCE XB213-3LD managed Layer 2 IE Switch 13x 10/100 Mbit/s RJ45 ports, 3x SM FO SC port 1x console port, diagnostics LED, redundant power supply, temp. range 0 C to +60 C; mounting onto...

Siemens X200IRT Switch Detection

A X200IRT Switch with model number 6GK5204-0JA00-2BA6 has been detected. It is described by Siemens as SCALANCE X204IRT PRO, managed IE IRT switch with degree of protection IP65/67, 4x 10/100 Mbit/s Push-pull RJ45 ports, error signaling contact with set button; redundant power supply; PROFINET IO.....

Siemens X204 Switch Detection

A X204 Switch with model number 6GK5204-2BB10-2CA2 has been detected. It is described by Siemens as SCALANCE X204-2TS; managed IE switch; 4x 10/100 Mbit/s RJ45 ports; 2x 100 Mbit/s Multimode BFOC; LED diagnostics; error signaling contact with set button; redundant power supply; PROFINET I/O...

Siemens X200IRT Switch Detection

A X200IRT Switch with model number 6GK5201-3BH00-2BA3 has been detected. It is described by Siemens as SCALANCE X201-3PIRT managed IE IRT switch, 1x 10/100 Mbit/s RJ45 ports, 3x 100 Mbit/s POF SC RJ ports, Error signaling contact with set button, Redundant power supply, PROFINET IO device, network....

Siemens X307 Switch Detection

A X307 Switch with model number 6GK5307-3BM10-2AA3 has been detected. It is described by Siemens as SCALANCE X307-3LD, managed plus IE switch, 3x 1000 Mbit/s SM SC 7x 10/100 Mbit/s RJ45 ports, LED diagnostics, error-signaling contact with Select/set pushbutton, PROFINET IO Device, network...

Siemens X308 Switch Detection

A X308 Switch with model number 6GK5308-2FN10-2AA3 has been detected. It is described by Siemens as SCALANCE X308-2LH, managed plus IE switch, 2x 1000 Mbit/s SM SC, 1x 10/100/1000 Mbit/s, 7x 10/100 Mbit/s RJ45 ports, LED diagnostics, error signaling Contact with select/set button, PROFINET IO...

Siemens X408 Switch Detection

A X408 Switch with model number 6GK5408-2FD00-2AA2 has been detected. It is described by Siemens as SCALANCE X408-2, modular IE switch, 4x 10/100/1000 Mbit/ and 4x 10/100 Mbit/s RJ45 ports 2x GBit/Fast Ethernet Media module slots, integrated redundancy manager, Office features (RSTP, VLAN,..)...

Siemens SCALANCE X200 IRT Switches < 5.1.0 HTTP Command Execution

The web interface on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 relies on client-side privilege checks, which allows remote authenticated users to execute arbitrary commands via unspecified...

Siemens X308 Switch Detection

A X308 Switch with model number 6GK5308-2QG00-2AA2 has been detected. It is described by Siemens as SCALANCE X308-2M PoE; managed IE switch, compact; 4x 10/100/1000 Mbit/s for RJ45 ports electrical with PoE; 2x 100/1000 Mbit/s for 2-port media modules, electrical or optical; LED diagnostics, error....

Siemens X310 Switch Detection

A X310 Switch with model number 6GK5310-0BA10-2AA3 has been detected. It is described by Siemens as SCALANCE X310FE, managed plus IE switch, 10x 10/100 Mbit/s RJ45 ports, LED diagnostics, error-signaling contact with Select/set pushbutton, PROFINET IO Device, network management, integrated...

Siemens XB213 Switch Detection

A XB213 Switch with model number 6GK5213-3BD00-2TB2 has been detected. It is described by Siemens as SCALANCE XB213-3 managed Layer 2 IE Switch 13x 10/100 Mbit/s RJ45 ports, 3x MM FO SC port 1x console port, diagnostics LED, redundant power supply, temp. range 0 C to +60 C; mounting onto standard.....

Siemens XB213 Switch Detection

A XB213 Switch with model number 6GK5213-3BF00-2TB2 has been detected. It is described by Siemens as SCALANCE XB213-3LD managed Layer 2 IE Switch 13x 10/100 Mbit/s RJ45 ports, 3x SM FO SC port 1x console port, diagnostics LED, redundant power supply, temp. range 0 C to +60 C; mounting onto...

Siemens Scalance S Security Module Firewall < 2.3.0.3 Buffer Overflow

Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a...

Siemens X200IRT Switch Detection

A X200IRT Switch with model number 6GK5202-2JR00-2BA6 has been detected. It is described by Siemens as SCALANCE X202-2PIRT PRO, Managed IE IRT switch, Degree of protection IP65/67, 2x 10/100 Mbit/s Push Pull RJ45 ports, 2x 100 Mbit/s Push-pull SCRJ port; Error signaling contact with set button,...

Siemens X308 Switch Detection

A X308 Switch with model number 6GK5308-2GG10-2AA2 has been detected. It is described by Siemens as SCALANCE X308-2M; managed IE switch, compact; 4x 10/100/1000 Mbit/s for RJ45 ports electrical; 2x 100/1000 Mbit/s for 2-port media modules, electrical or optical; LED diagnostics; error signaling...

Siemens XR324 Switch Detection

A XR324 Switch with model number 6GK5324-4GG00-4JR2 has been detected. It is described by Siemens as SCALANCE XR324-4M EEC; Managed IE switch, 19" rack; 16x 10/100/1000 Mbit/s for RJ45 ports electrical; 4x 100/1000 Mbit/s for 2-port media modules, electrical or optical; LED diagnostics; error...

Siemens XR324 Switch Detection

A XR324 Switch with model number 6GK5324-0GG10-3AR2 has been detected. It is described by Siemens as SCALANCE XR324-12M; managed IE switch, 19" rack; 12x 100/1000 Mbit/s 2-port media modules, electrical or optical; LED diagnostics; error signaling Contact; Select/set pushbutton, PROFINET IO...

Siemens XC206 Switch Detection

A XC206 Switch with model number 6GK5206-2BB00-2AC2 has been detected. It is described by Siemens as SCALANCE XC206-2 manageable layer 2 IE Switch; 6x 100 Mbit/s RJ45 ports; 2x 100 Mbit/s ST/BFOC ports; 1x console port; Diagnostic LED; Redundant power supply; Temp. range -40C to +70 C Mounting:...

Siemens XC208 Switch Detection

A XC208 Switch with model number 6GK5208-0GA00-2FC2 has been detected. It is described by Siemens as SCALANCE XC208G EEC Manageable layer 2 IE switch; 8x 10/100/1000 Mbit/s RJ45 ports; 1x console port; Diagnostics LED; Redundant power supply; with painted printed circuit boards; NAMUR...

Siemens XR324 Switch Detection

A XR324 Switch with model number 6GK5324-4GG00-1JR2 has been detected. It is described by Siemens as SCALANCE XR324-4M EEC; Managed IE switch, 19" rack; 16x 10/100/1000 Mbit/s for RJ45 ports electrical; 4x 100/1000 Mbit/s for 2-port media modules, electrical or optical; LED diagnostics; error...

Siemens X200IRT Switch Detection

A X200IRT Switch with model number 6GK5204-0BA00-2BA3 has been detected. It is described by Siemens as SCALANCE X204IRT, managed IE IRT switch, 4x 10/100 Mbit/s RJ45 ports, Error signaling contact with set pushbutton, redundant power supply, PROFINET IO device, network management, Redundancy...

Siemens XC224 Switch Detection

A XC224 Switch with model number 6GK5224-0BA00-2AC2 has been detected. It is described by Siemens as SCALANCE XC224 manageable layer 2 IE Switch; 24x 10/100 Mbit/s RJ45-Ports; 1x console port, Diagnostic LED; Redundant power supply; Temp. range -40C to +70 C Mounting: Standard Mounting Rail/S7...

Siemens SCALANCE X-200, XR300-WG 3.0 and 3.1 RCDP Triggered Unauthorized Administrative Actions

A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions &lt; ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions &lt; ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (...

Siemens Multiple Devices Remote Code Execution

A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM WiMAX (V4.4 and V4.5), SCALANCE X-200 (All versions &lt; V5.2.3), SCALANCE X-200 IRT (All versions &lt; V5.4.1), SCALANCE X-204RNA (All versions), SCALANCE X-300 (All versions), SCALANCE X408 (All versions), SCALANCE X414...