SSA-951513 (Last Update: 2020-02-11): Clickjacking Vulnerability in SCALANCE X-300, X-200IRT, and X-200 Switch Families

Published

2020-02-11 00:00:00 UTC

Summary

Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions if the victim is tricked into clicking on a website controlled by the attacker. The attack only works if the victim has an authenticated session on the administrative interface of the switch.

Siemens has released updates (see below); applying them when possible is recommended. Specific countermeasures can also be found in this document.