Because of a recently discovered vulnerability, attackers can remotely hack Siemens industrial switches and other communication devices. What is the vulnerability, and how can it be exploited?
The default configuration of the Ruggedcom Discovery Protocol (RCDP) enables the Ruggedcom Explorer management tool to discover and configure Rugged Operating System (ROS)-based devices on any IP network configuration. This leaves the door open for attackers located in the adjacent network to perform unauthorized administration actions on Ruggedcom switches.
Successful exploitation of this vulnerability could enable attackers to remotely hack Scalance X and Ruggedcom switches sold by Siemens AG. Ruggedcom switches are used to connect devices in harsh environments -- like the systems used for electric power infrastructures, transportation controls or military applications. Scalance X switches are used to connect industrial components, such as programmable logic controllers.
Attackers can use this vulnerability to cause traffic control cabinets to malfunction, leading to road accidents or bringing traffic to a standstill. Electric utility substations that use Ruggedcom switches can also be made to stop working altogether.
Scalance X and Ruggedcom Ethernet switches connect with programmable logic controllers and human-machine interfaces. A programmable controller is a solid-state modular computer used for automated control of industrial machinery. A human-machine interface is a device that enables interactions between a human and a switch, controller or machine.
Attackers exploiting this vulnerability can cause the controllers and the human-machine interfaces to perform erratically or not at all. The serial-to-Ethernet devices running the ROS -- the operating system used in Ruggedcom network infrastructure devices -- are not immune to the vulnerability.
Siemens provides Ruggedcom ROS firmware versions 4.3.4, 5.0.1 and Ruggedcom Explorer 1.5.2 to fix the vulnerability. Legitimate users of the Ruggedcom switches are advised to get free firmware updates from the Ruggedcom support team.
To keep out attackers, Siemens is preparing patches for the remaining affected products. These products include Scalance XB-200, XC-200, XP-200, XR-300 WG, XR-500 and XM switches with all versions newer than ROS 3.0, and Scalance XR-500 and XM-400 switches with all versions newer than ROS 6.1.
Users are advised to mitigate these attacks by manually disabling RCDP according to the instructions in the user guide. The effects of disabling the protocol need to be monitored and reported to Siemens.
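The remediation guidance above can be turned into an inventory triage. The following is an added example, not code from Siemens or from the author. It assumes a CSV export with hypothetical columns `host`, `product`, `version` and `rcdp`, that each fixed release named above applies to its own major branch, and that every Scalance entry is still waiting for a patch.

```python
import csv
import io

# Fixed releases named in the article; the branch mapping is an assumption.
FIXED = {
    ("ruggedcom ros", 4): (4, 3, 4),
    ("ruggedcom ros", 5): (5, 0, 1),
    ("ruggedcom explorer", 1): (1, 5, 2),
}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,product,version,rcdp
sub-sw01,Ruggedcom ROS,4.3.3,enabled
sub-sw02,Ruggedcom ROS,5.0.1,enabled
tc-sw03,Scalance XR-500,6.1.1,enabled
tc-sw04,Scalance XB-200,3.0.2,disabled
eng-pc01,Ruggedcom Explorer,1.5.1,n/a
lab-sw05,Ruggedcom ROS,v4.x,enabled
"""

def parse_version(text):
    """'v4.3' -> (4, 3, 0); raises ValueError on non-numeric parts."""
    nums = [int(p) for p in text.strip().lstrip("vV").split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def triage(row):
    """Return the list of actions still open for one inventory row."""
    product = row["product"].strip().lower()
    if not product.startswith(("ruggedcom", "scalance")):
        return ["not-in-scope"]
    try:
        ver = parse_version(row["version"])
    except ValueError:
        return ["verify-version"]  # never guess a firmware level
    fixed = FIXED.get((product, ver[0]))
    if fixed and ver >= fixed:
        return []  # already at or above the fixed release
    # No fixed release named for this product or branch: wait for the patch.
    actions = ["update-firmware"] if fixed else ["await-patch"]
    if row["rcdp"].strip().lower() == "enabled":
        actions.append("disable-rcdp")  # interim mitigation from the article
    return actions

def triage_inventory(text):
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for host, actions in triage_inventory(SAMPLE).items():
        print(f"{host:10} {', '.join(actions) or 'ok'}")
```

Rows that come back as `verify-version` should be checked on the device itself rather than assumed patched.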
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)