SSA-856721 (Last Update: 2018-02-22): Vulnerability in RUGGEDCOM Discovery Protocol (RCDP) of Industrial Communication Devices

Published

2018-02-22 00:00:00

Summary

The RUGGEDCOM RCDP protocol is not properly configured after commissioning of RUGGEDCOM ROS based devices and some SCALANCE X switch models and could allow unauthenticated remote users to perform administrative operations. An attacker must be in the same adjacent network and the RCDP daemon must be enabled in order to exploit the vulnerability.

Siemens has released updates for all affected products and recommends that customers update to the new versions.