CVE number – CVE-2019-10942
An attacker may send large message packages repeatedly to the telnet service, which may allow a denial-of-service condition.
Younes Dragoni from Nozomi Networks reported this vulnerability to Siemens.
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
- Disable telnet service on affected devices. Users should use SSH instead.
- Restrict network access to Port 23/TCP of the device.
Siemens recommends users configure their environment according to Siemens’ operational guidelines for industrial security and follow the recommendations in the product manuals.
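To confirm the two workarounds above took effect, the following added example (not from Siemens or the original page) checks from a given vantage point whether Port 23/TCP still accepts connections and whether SSH is reachable. Host addresses are supplied by the operator; the function names and the default SSH port of 22 are assumptions of this sketch.

```python
import socket

TELNET_PORT = 23  # port named in the advisory
SSH_PORT = 22     # assumed default SSH port

def tcp_state(host, port, timeout=2.0):
    """Classify a TCP port as 'open', 'closed' (refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts, unreachable host or network, firewall drops
        return "filtered"

def audit_switch(host, telnet_port=TELNET_PORT, ssh_port=SSH_PORT, timeout=2.0):
    """Report whether the telnet workaround holds for one device from this vantage point."""
    telnet = tcp_state(host, telnet_port, timeout)
    ssh = tcp_state(host, ssh_port, timeout)
    findings = []
    if telnet == "open":
        findings.append("telnet reachable: disable the service or restrict access to the port")
    if ssh != "open":
        findings.append("SSH not reachable from here: check the management path before disabling telnet")
    return {
        "host": host,
        "telnet": telnet,
        "ssh": ssh,
        "mitigated": telnet != "open",
        "findings": findings,
    }

if __name__ == "__main__":
    import sys
    # Usage: python audit_telnet.py <switch-address> [<switch-address> ...]
    for target in sys.argv[1:]:
        print(audit_switch(target))
```

A result only describes the network path from the machine running the check, so run it from each segment that should no longer reach the switches' telnet port.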
The following versions of SCALANCE X switches are affected:
- SCALANCE X-200: All versions
- SCALANCE X-200IRT: All versions
- SCALANCE X-200RNA: All versions