Siemens SCALANCE X Switches Vulnerability [CVE-2019-10942]

CVE number – CVE-2019-10942

An attacker may repeatedly send large message packages to the telnet service, which may result in a denial-of-service condition.

Younes Dragoni from Nozomi Networks reported this vulnerability to Siemens.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

  • Disable the telnet service on affected devices. Users should use SSH instead.
  • Restrict network access to Port 23/TCP of the device.

Siemens recommends users configure their environment according to Siemens’ operational guidelines for industrial security and follow the recommendations in the product manuals.
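
To confirm that the two mitigations above have taken effect, the following added example (not from Siemens or the original post) checks each switch in an inventory for a reachable Port 23/TCP and for SSH. It assumes SSH listens on its default port 22 and that the addresses are supplied by the operator. The result only reflects reachability from the host running the check, so run it from each network zone that should be blocked.

```python
import socket
import sys

TELNET_PORT = 23  # port named in the advisory's mitigations
SSH_PORT = 22     # assumption: SSH listens on its default port


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP handshake with host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit_switch(host, probe=tcp_open):
    """Classify one device against the two mitigations."""
    telnet = probe(host, TELNET_PORT)
    ssh = probe(host, SSH_PORT)
    if telnet:
        status = "EXPOSED"   # 23/TCP still reachable from this vantage point
    elif ssh:
        status = "OK"        # telnet closed or filtered, SSH available
    else:
        status = "NO_MGMT"   # neither answers: offline or fully filtered
    return {"host": host, "telnet": telnet, "ssh": ssh, "status": status}


def audit_inventory(hosts, probe=tcp_open):
    """Audit every host; exposed devices sort first for triage."""
    order = {"EXPOSED": 0, "NO_MGMT": 1, "OK": 2}
    results = [audit_switch(h, probe) for h in hosts]
    return sorted(results, key=lambda r: (order[r["status"]], r["host"]))


if __name__ == "__main__":
    # Usage: python audit_telnet.py <switch-ip> [<switch-ip> ...]
    report = audit_inventory(sys.argv[1:])
    for r in report:
        print(f'{r["host"]:<15} telnet={r["telnet"]!s:<5} '
              f'ssh={r["ssh"]!s:<5} {r["status"]}')
    sys.exit(1 if any(r["status"] == "EXPOSED" for r in report) else 0)
```

The non-zero exit code when any device is still exposed lets the check run as a scheduled job that alerts on regression.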

The following versions of SCALANCE X switches are affected:

  • SCALANCE X-200: All versions
  • SCALANCE X-200IRT: All versions
  • SCALANCE X-200RNA: All versions

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
