WaterISAC Navigation
  • About
  • Report Incident
  • Contact Us
  • Become a Member
  • NRWA Signup
  • WaterISAC Champions
  • About
  • Report Incident
  • Contact Us
  • Become a Member
  • NRWA Signup
  • WaterISAC Champions
Home Posts Siemens SCALANCE X Switches (Update A) (ICSA-18-163-02) – Products Used in the Water and Wastewater and Energy Sectors
Become a Member

Log in

  • Upcoming Events
  • Resource Center
  • Tools
  • Webcasts
  • Contaminant Databases
  • Community Partners
  • About
  • Log in

  • My Account

  • Logout

  • Report Incident
  • Contact Us
  • NRWA Signup
  • WaterISAC Champions
More Resources

Siemens SCALANCE X Switches (Update A) (ICSA-18-163-02) – Products Used in the Water and Wastewater and Energy Sectors

Author: Charles Egli

Created: Tuesday, January 14, 2020 - 15:39

Categories: Cybersecurity

January 14, 2020

CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.

June 14, 2018

The NCCIC has released an advisory on a cross-site scripting vulnerability in Siemens SCALANCE X Switches. The following versions of products are affected: for SCALANCE X-200, all versions prior to v5.2.3; for SCALANCE X-200 IRT, all versions prior to 5.4.1; for SCALANCE X300, all versions. Successful exploitation of these vulnerabilities could allow an attacker to store script code on the website and execute cross-site scripting (XSS), affecting the website’s confidentiality, integrity, and availability. However, no known public exploits specifically target these vulnerabilities, and high skill level would be needed to exploit them. Siemens has provided updates for SCALANCE X-200 and X-200 IRT to fix the vulnerabilities. As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.

Related Resources

Members Only

(TLP:AMBER) DHS Office of Intelligence and Analysis Reports (July 2, 2026)

Jul 2, 2026 in Cybersecurity, Federal & State Resources, Security Preparedness

(TLP CLEAR) Weekly Vulnerabilities to Prioritize – July 2, 2026

Jul 2, 2026 in Cybersecurity, Security Preparedness

(TLP:CLEAR) Vulnerability Notification – SimpleHelp RMM Authentication Bypass Exploited, CVE-2026-48588

Jul 1, 2026 in Cybersecurity, Security Preparedness

Become a Member
FAQs
About
Report Incident
Traffic Light Protocol (TLP)

Terms & Conditions
Privacy Policy
AI Policy
Contact Us

LinkedIn

1250 I Street NW, Suite 350
Washington, DC 20005
1-866-H2O-ISAC (1-866-426-4722)
© 2026 WaterISAC. All Rights Reserved.

Toggle the Widgetbar