Because of a recently discovered vulnerability, attackers can remotely hack Siemens industrial switches and other...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
communication devices. What is the vulnerability, and how can it be exploited?
The default configuration of the Ruggedcom Discovery Protocol (RCDP) enables the Ruggedcom Explorer management tool to discover and configure Rugged Operating System (ROS)-based devices on any IP network configuration. This leaves the door open for attackers located in the adjacent network to perform unauthorized administration actions on Ruggedcom switches.
Successful exploitation of this vulnerability could enable attackers to remotely hack Scalance X and Ruggedcom switches sold by Siemens AG. Ruggedcom switches are used to connect devices in harsh environments -- like the systems used for electric power infrastructures, transportation controls or military applications. Scalance X switches are used to connect industrial components, such as programmable logic controllers.
Attackers can use this vulnerability to cause traffic control cabinets to malfunction, leading to road accidents or bringing traffic to a standstill, while electric utility substations using Ruggedcom switches can also be exploited to stop working altogether.
Scalance X and Ruggedcom Ethernet switches connect with programmable logic controllers and human-machine interfaces. A programmable controller is a solid-state modular computer used for automated control of industrial machinery. A human-machine interface is a device that enables interactions between a human and a switch, controller or machine.
Attackers exploiting this vulnerability can cause the controllers and the human-machine interfaces to perform erratically or not at all. The serial-to-Ethernet devices running the ROS -- the operating system used in Ruggedcom network infrastructure devices -- are not immune to the vulnerability.
Siemens provides Ruggedcom ROS firmware versions 4.3.4, 5.0.1 and Ruggedcom Explorer 1.5.2 to fix the vulnerability. Legitimate users of the Ruggedcom switches are advised to get free firmware updates from the Ruggedcom support team.
To keep out attackers, Siemens is preparing patches for the remaining affected products. These products include Scalance XB-200, XC-200, XP-200, XR-300 WG, XR-500 and XM switches with all versions newer than ROS 3.0; and for Scalance XR-500 and XM-400 with all versions newer than ROS 6.1.
Users are advised to mitigate these attacks by manually disabling RCDP according to the instructions in the user guide. The effects of disabling the protocol need to be monitored and reported to Siemens.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Judith Myerson
A patch was issued for the Dirty COW vulnerability, but researchers later discovered problems with the patch. Expert Judith Myerson explains what ...continue reading
Getting firewall settings right is one of the most basic ways to protect enterprise data from accidental exposures. Expert Judith Myerson discusses ...continue reading
Expert Judith Myerson explains how IP theft can happen despite the cryptographic protections in IEEE standard P1735, as well as what can be done to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.