ICSA-19-162-04
·
Published 2021-02-09
·
View on CISA ICS-CERT ↗
Siemens SCALANCE X (Update B)
CVSS 7.1
HIGH
CVEs (1)
Remediations
- Restrict access to config backups or archived device configuration files
- Restrict or disable network access to mechanisms that allow to retrieve the device configuration, if enabled.
- Restrict access to device configuration module C-PLUG, if in use.
- SCALANCE X-414-3E: Migrate to SCALANCE XM-400 product line
- Update to V5.2.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109767965
- Update to V5.5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109792534/
- Update to V4.1.3 or later version https://support.industry.siemens.com/cs/document/109773547
Affected Vendors
Siemens
Affected Products (4)
Siemens
·
SCALANCE X-200 switch family (incl.'SIPLUS NET variants)
<V5.2.4
Siemens
·
SCALANCE X-200IRT switch family (incl.'SIPLUS NET variants)
<V5.5.0
Siemens
·
SCALANCE X-300 switch family (incl.'X408 and SIPLUS NET variants)
<V4.1.3
Siemens
·
SCALANCE X-414-3E
vers:all/*
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more