Global PR Manager, IOActive, Inc.
T: +1 206 784 4313
IOActive Uncovers Multiple
Vulnerabilities in SCALANCE X-200 Switch Family
Siemens rapid, proactive response ensures timely delivery of firmware patch
Seattle, US ― January 9, 2014
the leading global provider of specialist information security
services, announced today that it has uncovered
multiple vulnerabilities in Siemens’ SCALANCE X-200 Switch Family.
These Ethernet switches are used to connect to
Systems (ICS) components like Programmable Logic Controllers
Human Machine Interfaces (HMIs). The switches enable remote diagnostics
and simplified configuration through a common web browser.
Senior security consultant for IOActive, Eireann
Leverett, discovered two vulnerabilities in the switches. Both
vulnerabilities were discovered in the web server authentication of the
product. The first vulnerability could allow an attacker to perform
administrative operations over the network without authentication,
gaining access to critical services. The second vulnerability could
allow an attacker to hijack web sessions over the network without
“Siemens ProductCERT were professional, courteous,
and did not adopt an adversarial attitude when I contacted them about
the vulnerabilities. Consequently, we were able to clarify the
vulnerabilities quickly, and they produced a patch within three
months,” said Leverett. “I challenge other ICS vendors to
match this timeline for
security patching in the future.”
As soon as IOActive notified the Industrial Control Systems Cyber
Emergency Response Team (ICS-CERT) of the vulnerabilities, Siemens
ProductCERT wasted little time resolving the issue.
Leverett added, “The speed at which Siemens
ProductCERT responded to the notification of these two vulnerabilities
is something to be applauded. IOActive has always pushed vendors to
respond when they receive notifications on vulnerabilities in their
products. Siemens is the perfect example of how companies should
respond when addressing these issues.”
Siemens ProductCERT is a team dedicated to accepting and handling
security issues and vulnerabilities within their products. They
co-ordinate with external and internal security researchers and work
closely with the company’s product teams to develop fixes. ProductCERT
publish the fixes as soon as they have been tested and credits the
researchers who discovered the issues. The very existence of this team
illustrates Siemens serious commitment to handling security issues
smoothly and quickly.
Siemens has addressed both issues by providing a firmware update for
the affected products.
Eireann Leverett will be demonstrating the vulnerabilities and
releasing code for asset owners to check their devices at next week’s
S4 conference in Miami. For more information on the event and Eireann’s
presentation, please visit: http://www.digitalbond.com/s4/.
is a comprehensive, high-end information security services firm with a
long and established pedigree in delivering elite security services to
its customers. Our world-renowned consulting and research teams deliver
a portfolio of specialist security services ranging from penetration
testing and application code assessment through to semiconductor
reverse engineering. Global 500 companies across every industry
continue to trust IOActive with their most critical and sensitive
security issues. Founded in 1998, IOActive is headquartered in Seattle,
Washington, with operations in North and South America, and Europe.
for more information. Read the IOActive Labs Research Blog: http://blog.ioactive.com.
Follow IOActive on Twitter: http://twitter.com/ioactive.