Because of a recently discovered vulnerability, attackers can remotely hack Siemens industrial switches and other communication devices. What is the vulnerability, and how can it be exploited?
The default configuration of the Ruggedcom Discovery Protocol (RCDP) enables the Ruggedcom Explorer management tool to discover and configure Rugged Operating System (ROS)-based devices on any IP network configuration. This leaves the door open for attackers located in the adjacent network to perform unauthorized administration actions on Ruggedcom switches.
Successful exploitation of this vulnerability could enable attackers to remotely hack Scalance X and Ruggedcom switches sold by Siemens AG. Ruggedcom switches are used to connect devices in harsh environments -- like the systems used for electric power infrastructures, transportation controls or military applications. Scalance X switches are used to connect industrial components, such as programmable logic controllers.
Attackers can use this vulnerability to cause traffic control cabinets to malfunction, leading to road accidents or bringing traffic to a standstill. Electric utility substations that use Ruggedcom switches can likewise be made to stop working altogether.
Scalance X and Ruggedcom Ethernet switches connect with programmable logic controllers and human-machine interfaces. A programmable controller is a solid-state modular computer used for automated control of industrial machinery. A human-machine interface is a device that enables interactions between a human and a switch, controller or machine.
Attackers exploiting this vulnerability can cause the controllers and the human-machine interfaces to perform erratically or not at all. The serial-to-Ethernet devices running the ROS -- the operating system used in Ruggedcom network infrastructure devices -- are not immune to the vulnerability.
Siemens provides Ruggedcom ROS firmware versions 4.3.4, 5.0.1 and Ruggedcom Explorer 1.5.2 to fix the vulnerability. Legitimate users of the Ruggedcom switches are advised to get free firmware updates from the Ruggedcom support team.
To keep out attackers, Siemens is preparing patches for the remaining affected products. These include Scalance XB-200, XC-200, XP-200, XR-300 WG, XR-500 and XM switches with all versions newer than ROS 3.0, and Scalance XR-500 and XM-400 switches with all versions newer than ROS 6.1.
Users are advised to mitigate these attacks by manually disabling RCDP according to the instructions in the user guide. The effects of disabling the protocol need to be monitored and reported to Siemens.
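The remediation guidance above can be turned into an inventory triage, shown here as an added example that is not part of the original answer or any Siemens tooling. The record schema, device names and sample inventory are constructed, and the mapping of each fixed ROS release to its own major branch is an assumption.

```python
import re

# Fixed releases named in the article. Assumption: each ROS fix covers its own
# major branch (4.x -> 4.3.4, 5.x -> 5.0.1).
FIXED_ROS = {4: (4, 3, 4), 5: (5, 0, 1)}
FIXED_EXPLORER = (1, 5, 2)
DISABLE = "disable RCDP manually per the user guide"

def parse_version(text):
    """Parse 'v4.3.4' or 'ROS 5.0' into a 3-tuple of ints; None if unparseable."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None

def triage(device):
    """Return (status, action) for one inventory record (hypothetical schema)."""
    product = device.get("product")
    if product == "scalance":
        # The article says patches for these are still in preparation.
        return "patch-pending", DISABLE
    version = parse_version(device.get("firmware"))
    if version is None:
        return "unknown", "verify the firmware version by hand"
    fixed = FIXED_EXPLORER if product == "explorer" else FIXED_ROS.get(version[0])
    if fixed is None:
        return "no-fix-listed", DISABLE  # branch without a fixed release above
    if version >= fixed:  # tuple compare, so 4.3.10 counts as newer than 4.3.4
        return "fixed", "none"
    target = ".".join(map(str, fixed))
    if product == "explorer":
        return "vulnerable", f"update to {target}"
    return "vulnerable", f"update to {target}; {DISABLE} until then"

# Constructed sample inventory, not real devices.
INVENTORY = [
    {"name": "sub-a-sw1", "product": "ros", "firmware": "v4.3.3"},
    {"name": "sub-a-sw2", "product": "ros", "firmware": "4.3.10"},
    {"name": "sub-b-sw1", "product": "ros", "firmware": "ROS 5.0"},
    {"name": "yard-sw3", "product": "ros", "firmware": "3.12.1"},
    {"name": "plc-ring-1", "product": "scalance", "firmware": "unknown"},
    {"name": "eng-laptop", "product": "explorer", "firmware": "1.5.2"},
]

def report(inventory):
    """Return (name, status, action) rows for every record."""
    return [(d["name"],) + triage(d) for d in inventory]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print("%-12s %-14s %s" % row)
```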
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)