SSA-443566 (Last Update: 2020-01-14): Authentication Bypass in SCALANCE X Switches Families


2020-01-14 00:00:00 UTC


Several SCALANCE X switches are affected by an Authentication Bypass vulnerability. The vulnerability allows an unauthenticated attacker to violate access-control rules. The vulnerability can be exploited by sending a GET request to a specific uniform resource locator on the web configuration interface of the device.

The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration.

Siemens recommends to upgrade the SCALANCE X-300 and X408 switches to firmware version V4.1.3.