ICSA-13-274-01  ·  Published 2025-06-06

Siemens SCALANCE X-200 Authentication Bypass Vulnerability

CVSS 10.0 CRITICAL

CVEs (1)

Remediations

  • Siemens recommends upgrading to the current SCALANCE X-200 firmware versions V5.0.1 (non-IRT) and V5.1.2 (IRT). These versions are not vulnerable to the authentication bypass issue.
  • The firmware update for SCALANCE X-200 can be obtained here: http://support.automation.siemens.com/WW/view/en/78458674
  • The firmware update for SCALANCE X-200IRT can be obtained here: http://support.automation.siemens.com/WW/view/en/78454417
  • The Siemens security advisory is located here: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf

Affected Vendors

Siemens

Affected Products (4)

Siemens · SCALANCE X-200 switch family firmware <V4.5.0
Siemens · SCALANCE X-200IRT Isochronous Real-Time switch family firmware <V5.1.0
Siemens · SCALANCE X-200 MLFBs 6GK5224-0BA00-2AA3|6GK5216-0BA00-2AA3|6GK5212-2BB00-2AA3|6GK5212-2BC00-2AA3|6GK5208-0BA10-2AA3|6GK5206-1BB10-2AA3|6GK5206-1BC10-2AA3|6GK5204-2BB10-2AA3|6GK5204-2BC10-2AA3|6GK5208-0HA10-2AA6|6GK5204-0BA00-2AF2|6GK5208-0BA00-2AF2|6GK5206-1BC00-2AF2|6GK5204-2BC00-2AF2|6GK5204-2BB10-2CA2
Siemens · SCALANCE X-200IRT MLFBs 6GK5201-3JR00-2BA6|6GK5204-0BA00-2BF2|6GK5204-0JA00-2BA6|6GK5202-2JR00-2BA6|6GK5202-2BH00-2BA3|6GK5201-3BH00-2BA3|6GK5200-4AH00-2BA3|6GK5202-2BB00-2BA3|6GK5204-0BA00-2BA3
