SSA-443566 (Last Update: 2020-01-14): Authentication Bypass in SCALANCE X Switches Families

Published

2020-01-14 00:00:00 UTC

Summary

Several SCALANCE X switches are affected by an Authentication Bypass vulnerability. The vulnerability allows an unauthenticated attacker to violate access-control rules. The vulnerability can be exploited by sending a GET request to a specific uniform resource locator on the web configuration interface of the device.

The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration.

Siemens recommends upgrading the SCALANCE X-300 and X408 switches to firmware version V4.1.3.