Full Report
SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family before V4.5 is affected by multiple vulnerabilities. Siemens has released updates for the affected products and recommends to update to the latest versions.
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in SCALANCE Networking Family
## CVE Details
This advisory covers 13 distinct vulnerabilities. The most critical identifiers are:
- **CVE ID:** CVE-2023-44373 (Critical), CVE-2023-44374 (Medium), CVE-2023-44322 (Low), and various OpenSSL-related CVEs (CVE-2022-4203, CVE-2022-4304, etc.)
- **CVSS Score:** 9.1 (Critical) for the primary injection flaw.
- **CWE:** CWE-74 (Injection), CWE-567 (Unsynchronized Access), CWE-252 (Unchecked Return Value).
## Affected Systems
- **Products:** SCALANCE XB-200, XC-200, XP-200, XF-200BA, and XR-300WG families.
- **Versions:** All versions prior to V4.5.
- **Configurations:** Systems utilizing web management interfaces, email notification services, or those relying on OpenSSL for secure communications.
## Vulnerability Description
The primary vulnerability (**CVE-2023-44373**) involves improper neutralization of special elements in an input field. An authenticated attacker can bypass sanitation to inject code, potentially spawning a system root shell.
Other flaws include:
- **Privilege Escalation (CVE-2023-44374):** Insufficient checking during password change processes allows a lower-privileged user to change the password of other users, including administrators.
- **Service Disruption (CVE-2023-44322):** Failure to check return values during SMTP communication can disable event notifications.
- **Cryptographic Flaws:** Integration of vulnerable OpenSSL libraries (pre-V3.0.8) leads to various memory exhaustion and timing side-channel risks.
## Exploitation
- **Status:** PoC available (Publicly disclosed/functional proof of concept exists for several components).
- **Complexity:** Low to High (Varies by CVE; CVE-2023-44373 is Low complexity).
- **Attack Vector:** Network.
## Impact
- **Confidentiality:** High (Total compromise of device data via root shell).
- **Integrity:** High (Ability to modify configurations and administrative credentials).
- **Availability:** High (Device/service disruption and full system control).
## Remediation
### Patches
- **Update to V4.5 or later:** Siemens has released firmware V4.5 for all affected SCALANCE families to resolve these vulnerabilities.
- Download link: hxxps://support.industry.siemens.com/cs/ww/en/view/109825818/
### Workarounds
- Restrict network access to the device management interfaces to trusted users and hosts only.
- Disable unused services (e.g., SMTP, Web-server) if not required for operations.
- Apply "Defense-in-Depth" principles by isolating the control and management planes.
## Detection
- **Indicators of Compromise:** Unusual administrative logins, unauthorized password changes, or unexpected system reboots/instability.
- **Detection Methods:** Monitor network traffic for suspicious strings in web management input fields. Audit system logs for successful/failed login attempts from unexpected IP addresses.
## References
- **Siemens Advisory:** hxxps://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
- **Siemens ProductCERT:** hxxps://www.siemens.com/cert/advisories
- **General Terms:** hxxps://www.siemens.com/terms_of_use