Full Report
SCALANCE M-800 and SC-600 families are affected by improper input validation in the OpenVPN authentication. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Improper OpenVPN Credential Validation in Siemens SCALANCE and RUGGEDCOM
## CVE Details
- **CVE ID:** CVE-2025-23384
- **CVSS Score:**
  - **General:** 3.7 (Low) via CVSS v3.1 / 6.3 (Medium) via CVSS v4.0
  - **SCALANCE SC-600 specific:** 2.2 (Low) via CVSS v3.1 / 2.1 (Low) via CVSS v4.0
- **CWE:** CWE-187 (Partial String Comparison)
## Affected Systems
- **Products:**
  - SCALANCE M-800 family (including S615, MUM-800, M804PB, M812-1, M816-1, M826-2, M874-2)
  - SCALANCE SC-600 family
  - RUGGEDCOM RM1224 family
- **Versions:** All versions prior to V8.2.1
- **Configurations:** Systems utilizing OpenVPN for remote access/authentication.
## Vulnerability Description
The affected devices fail to properly validate usernames during the OpenVPN authentication process due to a partial string comparison flaw. An attacker can provide a username that is only a partial match of a valid username, and the server may incorrectly accept these credentials as valid.
## Exploitation
- **Status:** PoC Available (Exploitation evidence 'P' in CVSS vector)
- **Complexity:**
  - **General:** Low (CVSS 4.0) to High (CVSS 3.1)
  - **SCALANCE SC-600:** Requires the attacker to already possess a valid certificate.
- **Attack Vector:** Network
## Impact
- **Confidentiality:** None
- **Integrity:** Low (An attacker may gain unauthorized access or bypass intended identity restrictions)
- **Availability:** None
## Remediation
### Patches
Siemens recommends updating affected products to the following versions:
- **SCALANCE M-800 / RUGGEDCOM RM1224:** Update to **V8.2.1** or later.
- **SCALANCE SC-600:** Siemens is currently preparing fix versions (refer to the latest advisory updates for release).
### Workarounds
For products where fixes are not yet available:
- Follow general Industrial Security guidelines to restrict network access to the devices.
- Ensure only trusted personnel have access to the network and authentication certificates.
- Adhere to the specific operational guidelines provided by Siemens.
## Detection
- **Indicators of Compromise:** Monitor OpenVPN authentication logs for unusual or truncated usernames that successfully authenticate.
- **Detection methods and tools:** Audit OpenVPN configurations and review access logs for discrepancies between provided usernames and established identity stores.
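
The log review described above can be automated. The following is an added example, not part of the Siemens advisory or any Siemens tooling: it flags accepted logins whose username is not an exact match in the identity store. It assumes log lines in the style of stock OpenVPN 2.x; the account names, addresses and log lines are constructed.

```python
import re

# Assumption: accepted logins are logged in the style of stock OpenVPN 2.x.
# Adjust the pattern to the syslog format your device actually emits.
AUTH_OK = re.compile(
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+) TLS: Username/Password "
    r"authentication succeeded for username '(?P<user>[^']*)'"
)

def classify(username, valid_users):
    """Return None on an exact identity-store match, else the reason to flag."""
    if username in valid_users:
        return None
    # Non-empty name that is only a fragment of one or more real accounts.
    partial_of = sorted(u for u in valid_users if username and username in u)
    if partial_of:
        return "partial match of: " + ", ".join(partial_of)
    return "not in identity store"

def find_suspect_logins(log_lines, valid_users):
    """Return (line_no, peer, username, reason) for each accepted login
    whose username is not an exact match in the identity store."""
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        m = AUTH_OK.search(line)
        if m is None:
            continue  # failures and unrelated messages are out of scope here
        reason = classify(m.group("user"), valid_users)
        if reason:
            findings.append((line_no, m.group("peer"), m.group("user"), reason))
    return findings

# Constructed sample data (hypothetical accounts, documentation IP ranges).
VALID_USERS = {"operator1", "operator2", "maintenance"}
P = "TLS: Username/Password authentication succeeded for username"
SAMPLE_LOG = [
    f"2025-01-01 08:02:11 192.0.2.10:51820 {P} 'operator1'",
    f"2025-01-01 08:05:42 198.51.100.7:40112 {P} 'oper'",
    "2025-01-01 08:06:03 198.51.100.7:40113 TLS Auth Error: Auth "
    "Username/Password verification failed for peer",
    f"2025-01-01 09:15:30 203.0.113.5:33001 {P} 'maint'",
    f"2025-01-01 09:20:00 203.0.113.9:33500 {P} 'guest'",
]

if __name__ == "__main__":
    for finding in find_suspect_logins(SAMPLE_LOG, VALID_USERS):
        print("line %d peer %s username %r: %s" % finding)
```

A hit on a patched device (V8.2.1 or later) still warrants review, since it means the identity store list fed to the script is out of date or the log format differs from the assumed one.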
## References
- **Vendor Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-280834.pdf
- **Siemens Industrial Security Guidelines:** hxxps://www[.]siemens[.]com/cert/operational-guidelines-industrial-security
- **Software Downloads:** hxxps://support[.]industry[.]siemens[.]com/cs/ww/en/view/109983338/