Full Report
The SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG family is affected by multiple vulnerabilities. CVE-2023-44318 and CVE-2023-44321 were previously published as part of SSA-699386. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Multiple Flaws in Siemens SCALANCE Managed Switches
## CVE Details
**Vulnerability 1**
- **CVE ID:** CVE-2023-44318
- **CVSS Score:** 4.9 (Medium) - CVSS v3.1 / 6.9 (Medium) - CVSS v4.0
- **CWE:** CWE-321 (Use of Hard-coded Cryptographic Key)
**Vulnerability 2**
- **CVE ID:** CVE-2023-44321
- **CVSS Score:** 2.7 (Low) - CVSS v3.1 / 5.1 (Medium) - CVSS v4.0
- **CWE:** CWE-400 (Uncontrolled Resource Consumption)
## Affected Systems
- **Products:** SCALANCE XB-200, XC-200, XP-200, XF-200BA, and XR-300WG families.
- **Versions:**
  - **CVE-2023-44321:** All versions < V4.6.
  - **CVE-2023-44318:** All versions (currently no fix planned).
- **Configurations:** Systems where administrative access is enabled or where configuration backup files are stored/transmitted.
## Vulnerability Description
- **CVE-2023-44318:** Affected devices utilize a hardcoded cryptographic key to "obfuscate" configuration backups. If an attacker obtains an exported configuration file, they can use the known key to decrypt/extract sensitive configuration information.
- **CVE-2023-44321:** The web management interface fails to properly validate input lengths during specific configuration changes. A malicious administrative user can provide oversized inputs to trigger a Denial of Service (DoS) of the web interface.
## Exploitation
- **Status:** Not reported as exploited in the wild; PoC not public (per provided text).
- **Complexity:** Low (requires administrative privileges or access to backup files).
- **Attack Vector:** Network (the management interface or file access).
## Impact
- **Confidentiality:** High (CVE-2023-44318 allows extraction of full configuration data).
- **Integrity:** None.
- **Availability:** Low (CVE-2023-44321 causes Web UI DoS; requires physical or serial restart to restore).
## Remediation
### Patches
- **CVE-2023-44321:** Update affected products to **V4.6** or later.
- **CVE-2023-44318:** No fix is currently planned by the vendor.
### Workarounds
- **Secure Backup Storage:** Protect exported configuration files (CVE-2023-44318) with strong external encryption and restrict access to authorized personnel only.
- **Restrict Access:** Limit access to the web management interface to trusted IP addresses or management VLANs.
- **Role-Based Access Control:** Apply the principle of least privilege for administrative accounts to minimize the risk of intentional or accidental DoS.
## Detection
- **Indicators of Compromise:** Unexpected unresponsiveness of the Web Management Interface (requiring a reboot).
- **Detection Methods:** Monitor audit logs for unusual configuration change attempts or unauthorized access to configuration backup repositories.
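
One way to combine the two detection points above, as an added example (not Siemens code and not part of the advisory): it flags a sustained web UI outage that begins shortly after an audited configuration change on the same device. The log line format, device and user names, and both thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real device logs. Assumed line format:
# "<ISO time> <device> audit config-change user=<name>"  (collected audit log)
# "<ISO time> <device> probe ok|fail"  (external health check of the web UI)
SAMPLE_EVENTS = """\
2024-05-02T08:14:10 sw-a audit config-change user=admin2
2024-05-02T08:15:00 sw-a probe fail
2024-05-02T08:16:00 sw-a probe fail
2024-05-02T08:17:00 sw-a probe fail
2024-05-02T09:00:00 sw-b audit config-change user=admin1
2024-05-02T09:01:00 sw-b probe ok
2024-05-02T10:00:00 sw-c probe fail
2024-05-02T10:01:00 sw-c probe ok
"""

WINDOW = timedelta(minutes=5)  # assumed: outage must start this soon after a change
MIN_FAILS = 3                  # assumed: consecutive failed probes = sustained outage


def find_suspect_outages(text, window=WINDOW, min_fails=MIN_FAILS):
    """Return (device, user, change_time) for each sustained web UI outage
    that starts within `window` after a configuration change."""
    last_change, fail_run, alerts = {}, {}, []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines
        when, device, source, detail = datetime.fromisoformat(parts[0]), *parts[1:4]
        if (source, detail) == ("audit", "config-change"):
            user = next((p[5:] for p in parts[4:] if p.startswith("user=")), "unknown")
            last_change[device] = (when, user)
        elif (source, detail) == ("probe", "ok"):
            fail_run.pop(device, None)  # UI answered: reset the failure run
        elif (source, detail) == ("probe", "fail"):
            first, count = fail_run.get(device, (when, 0))
            fail_run[device] = (first, count + 1)
            change = last_change.get(device)
            # Alert once, when the run reaches the threshold.
            if (count + 1 == min_fails and change
                    and timedelta(0) <= first - change[0] <= window):
                alerts.append((device, change[1], change[0].isoformat()))
    return alerts


if __name__ == "__main__":
    for device, user, changed in find_suspect_outages(SAMPLE_EVENTS):
        print(f"{device}: web UI down after config change by {user} at {changed}")
```

A short failure followed by a successful probe (sw-c) and a change followed by a healthy probe (sw-b) produce no alert; only the change-then-sustained-outage pattern on sw-a does.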
## References
- **Vendor Advisory:** SSA-353002
- **Advisory Link:** hxxps://cert-portal[.]siemens[.]com/productcert/html/ssa-353002[.]html
- **Firmware Downloads:** hxxps://support[.]industry[.]siemens[.]com/cs/ww/en/view/109977185/
- **Industrial Security Guidance:** hxxps://www[.]siemens[.]com/industrialsecurity