Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update C) (ICSA-18-165-01) – Products Used in the Water and Wastewater and Energy Sectors

January 14, 2020

CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.

June 11, 2019

The NCCIC has updated this advisory with additional information on the affected products and mitigating measures. NCCIC/ICS-CERT.

January 31, 2019

The NCCIC has updated this advisory with additional information on the nature of the vulnerability and mitigating measures. NCCIC/ICS-CERT.

June 14, 2018

The NCCIC has released an advisory on permissions, privileges, and access controls vulnerabilities in Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C. Multiple versions of these products are affected. By sending a specially-crafted DHCP response to a client’s DHCP request, an unprivileged remote attacker could execute arbitrary code. Siemens has provided updates to fix the vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.