ICSA-18-163-02
·
Published 2022-12-13
·
View on CISA ICS-CERT ↗
Siemens SCALANCE X Switches (Update A)
CVSS 5.8
MEDIUM
CVEs (2)
Remediations
- To exploit CVE-2018-4842, the attacker needs to be able to log into the administrative web application.
- To exploit CVE-2018-4848 the attacker must trick the user to click on a link while being logged in.
- Update to V5.4.1 or later version
- Update to V4.1.3 or later version
- Update to V3.2.7 or later version
- Update to V5.2.3 or later version
Affected Vendors
Siemens
Affected Products (4)
Siemens
·
SCALANCE X-200 switch family (incl. SIPLUS NET variants)
<V5.2.3
Siemens
·
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
<V5.4.1
Siemens
·
SCALANCE X-200RNA switch family
<V3.2.7
Siemens
·
SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
<V4.1.3
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more