Siemens SCALANCE X (Update B) (ICSA-19-085-01) – Products Used in the Water and Wastewater and Energy Sectors

January 14, 2020

CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.

June 11, 2019

The NCCIC has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at NCCIC/ICS-CERT.

March 26, 2019

The NCCIC has published an advisory on an expected behavior violation vulnerability in Siemens SCALANCE X. Numerous products and versions of those products are affected. Successful exploitation of this vulnerability could allow an attacker to feed data over a mirror port and into the mirrored network. Siemens has identified specific workarounds/mitigations that users can implement for one of the affected products. For the others, Siemens recommends users apply defense in depth principles, particularly ensuring that no devices that transmit data back in the mirroring network are operated within the mirrored network. The NCCIC also offers a series of measures to address this vulnerability. Read the advisory at NCCIC/ICS-CERT.