August 11, 2020

CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.

February 13, 2020

CISA has published an advisory on resource exhaustion and cross-site scripting vulnerabilities in Siemens SCALANCE S-600 Firewall. Multiple products and versions of these products are affected. These vulnerabilities could allow a remote attacker to conduct denial-of-service or cross-site scripting attacks. User interaction is required for a successful exploitation of the cross-site-scripting attack. For SCALANCE S602 v3.0, Siemens recommends only accessing links from trusted sources in the browser you use to access the SCALANCE S administration website. For SCALANCE S612, all versions v3.0 or higher, SCALANCE S623, all versions v3.0 or higher, and SCALANCE S627-2M, all versions v3.0 or higher, Siemens recommends migrating to SCALANCE SC-600 Industrial Security Appliances. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.