Siemens Fixes Vulnerabilities in SCALANCE, SIMATIC Solutions

Siemens has released firmware updates to address various security holes affecting some SCALANCE industrial switches and SIMATIC controllers.

SCALANCE switch vulnerabilities

According to advisories published by both ICS-CERT and Siemens, products of the SCALANCE X-300 switch family and SCALANCE X408 running firmware versions prior to 4.0 are affected by a couple of denial-of-service (DoS) vulnerabilities discovered and reported by Seattle, Washington-based Deja vu Security.

SCALANCE switches are used to connect industrial components such as human-machine interfaces (HMI) and programmable logic controllers (PLC). The devices are deployed all over the world in a wide range of industries, including chemical, communications, dams, critical manufacturing, energy, defense industrial base, and government facilities.

The first vulnerability affects the Web server found in SCALANCE switches. The flaw can be exploited by an unauthenticated attacker to cause the device to reboot by sending malformed HTTP requests to the server on Port 80/TCP or Port 443/TCP. However, for the attack to work, the attacker needs to be able to reach the HTTP interface over the network, ICS-CERT said in its advisory.

The bug has been assigned the CVE identifier CVE-2014-8478 and a CVSS v2 base score of 7.8.

The second vulnerability can allow an attacker to cause the device to reboot by sending specially crafted network packets to the switch’s FTP server. The attacker must be able to log in to the FTP server for the attack to work, Siemens said. A CVSS v2 base score of 6.8 and the CVE-2014-8479 identifier have been assigned to this flaw.

In both cases, the switches stop forwarding packets to connected devices until the reboot process is completed.

Both vulnerabilities can be exploited remotely even by an attacker with a low skill level. However, Siemens and ICS-CERT are not aware of any public exploits for the security holes.

Siemens advises organizations to update the firmware on affected SCALANCE switches to version 4.0, which addresses these vulnerabilities.

SIMATIC PLC vulnerabilities

In an advisory published on Wednesday, Siemens announced the release of firmware version 4.1 for the SIMATIC S7-1200 CPU. The update addresses a vulnerability (CVE-2015-1048) that can be leveraged by an attacker to redirect users to malicious websites.

The Siemens SIMATIC S7-1200 PLC family is used worldwide in manufacturing, food and beverage, chemical, and other industrial environments.

“The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to redirect users to untrusted web sites if unsuspecting users are tricked to click on a malicious link,” Siemens wrote in its advisory.

Siemens advises organizations to update the firmware on affected SIMATIC products. The company also recommends the operation of these devices only within trusted networks.

The flaw was reported to the vendor by Ralf Spenneberg, Hendrik Schwartke and Maik Brüggemann of Germany-based OpenSource Training.
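To act on the update advice for both product lines, the following sketch checks an asset inventory against the fixed firmware versions named above (4.0 for SCALANCE X-300/X408, 4.1 for the S7-1200). It is an added example, not code from Siemens, ICS-CERT or this article; the CSV columns, the model-name patterns, the sample rows and the treatment of every S7-1200 firmware below 4.1 as affected are assumptions.

```python
import csv
import io
import re

# (model pattern, first fixed firmware, CVEs) taken from the article.
# Assumptions: inventory model strings look like "SCALANCE X308-2", and
# any S7-1200 firmware below 4.1 is treated as affected.
ADVISORIES = [
    (re.compile(r"SCALANCE\s+X-?(3\d\d|408)\b", re.I), (4, 0, 0),
     ["CVE-2014-8478", "CVE-2014-8479"]),
    (re.compile(r"S7-1200", re.I), (4, 1, 0), ["CVE-2015-1048"]),
]

# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = """host,model,firmware
sw-line1,SCALANCE X308-2,V3.10.1
sw-line2,SCALANCE X408-2,V4.0.0
plc-mix1,SIMATIC S7-1200 CPU 1214C,V4.0.2
plc-mix2,SIMATIC S7-1200 CPU 1212C,4.1
sw-yard,SCALANCE X310,unknown
hmi-1,SIMATIC HMI TP700,V13.0
"""

def parse_version(text):
    """'V3.10.1' -> (3, 10, 1); '4.1' -> (4, 1, 0); None if unparseable."""
    m = re.fullmatch(r"[vV]?\s*(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # Pad to three fields so "4.1" and "4.1.0" compare as equal.
    return tuple(parts + [0] * (3 - len(parts)))

def audit(inventory_csv):
    """Return (host, status, cves) for devices that need attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        for pattern, fixed, cves in ADVISORIES:
            if not pattern.search(row["model"]):
                continue
            version = parse_version(row["firmware"])
            if version is None:
                # Do not assume a device is patched when the version is unreadable.
                findings.append((row["host"], "UNKNOWN_VERSION", cves))
            elif version < fixed:
                findings.append((row["host"], "UPDATE_REQUIRED", cves))
    return findings

if __name__ == "__main__":
    for host, status, cves in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status} ({', '.join(cves)})")
```

Devices whose firmware string cannot be parsed are reported separately so they get a manual check rather than being silently counted as patched.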

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
