Because of a recently discovered vulnerability, attackers can remotely hack Siemens industrial switches and other communication devices. What is the vulnerability, and how can it be exploited?
In its default configuration, the Ruggedcom Discovery Protocol (RCDP) enables the Ruggedcom Explorer management tool to discover and configure Rugged Operating System (ROS)-based devices on any IP network configuration. This leaves the door open for attackers on the adjacent network to perform unauthorized administration actions on Ruggedcom switches.
Successful exploitation of this vulnerability could enable attackers to remotely hack Scalance X and Ruggedcom switches sold by Siemens AG. Ruggedcom switches are used to connect devices in harsh environments -- like the systems used for electric power infrastructures, transportation controls or military applications. Scalance X switches are used to connect industrial components, such as programmable logic controllers.
Attackers can use this vulnerability to cause traffic control cabinets to malfunction, leading to road accidents or bringing traffic to a standstill. Electric utility substations that use Ruggedcom switches can likewise be made to stop working altogether.
Scalance X and Ruggedcom Ethernet switches connect with programmable logic controllers and human-machine interfaces. A programmable controller is a solid-state modular computer used for automated control of industrial machinery. A human-machine interface is a device that enables interactions between a human and a switch, controller or machine.
Attackers exploiting this vulnerability can cause the controllers and the human-machine interfaces to perform erratically or not at all. The serial-to-Ethernet devices running the ROS -- the operating system used in Ruggedcom network infrastructure devices -- are not immune to the vulnerability.
Siemens provides Ruggedcom ROS firmware versions 4.3.4 and 5.0.1, and Ruggedcom Explorer 1.5.2, to fix the vulnerability. Legitimate users of the Ruggedcom switches are advised to get free firmware updates from the Ruggedcom support team.
To keep out attackers, Siemens is preparing patches for the remaining affected products. These products include Scalance XB-200, XC-200, XP-200, XR-300 WG, XR-500 and XM switches with all versions newer than ROS 3.0, and Scalance XR-500 and XM-400 with all versions newer than ROS 6.1.
Users are advised to mitigate these attacks by manually disabling RCDP according to the instructions in the user guide. The effects of disabling the protocol need to be monitored and reported to Siemens.
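The remediation guidance above can be applied to a device inventory as a triage step. The following is an added example, not code from Siemens or from the original article. The CSV layout, column names and hostnames are constructed, and it assumes that 4.x releases below 4.3.4 and 5.x releases below 5.0.1 lack the fix, while any device without a fixed release named above falls back to disabling RCDP.

```python
import csv
import io

# Fixed ROS releases named in the article, keyed by major version (assumed per-branch).
FIXED_ROS = {4: (4, 3, 4), 5: (5, 0, 1)}

# Constructed sample inventory; column names are assumptions of this example.
SAMPLE_INVENTORY = """\
hostname,family,firmware,rcdp_enabled
sub-sw-01,ruggedcom,4.3.3,yes
sub-sw-02,ruggedcom,4.3.4,yes
tc-sw-07,ruggedcom,5.0.0,no
tc-sw-08,ruggedcom,3.12.1,yes
plc-sw-03,scalance,4.1.0,yes
plc-sw-04,scalance,4.1.0,no
"""

def parse_version(text):
    """Turn '4.3.3' into (4, 3, 3); raises ValueError on malformed input."""
    return tuple(int(part) for part in text.strip().split("."))

def triage(row):
    """Return the recommended action for one inventory row."""
    rcdp_on = row["rcdp_enabled"].strip().lower() in ("yes", "true", "1")
    try:
        version = parse_version(row["firmware"])
    except ValueError:
        return "review: unparseable firmware version"
    if row["family"].strip().lower() == "ruggedcom":
        fixed = FIXED_ROS.get(version[0])
        if fixed and version >= fixed:
            return "ok: fixed firmware"
        if fixed:
            target = ".".join(map(str, fixed))
            note = " and disable RCDP until then" if rcdp_on else ""
            return f"update to ROS {target}{note}"
    # No fixed release named for this device: fall back to the manual mitigation.
    return "disable RCDP" if rcdp_on else "ok: RCDP disabled, await patch"

def triage_inventory(csv_text):
    """Map hostname -> action for every row in the CSV text."""
    return {r["hostname"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {action}")
```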