SSA-693776

Siemens Security Advisory by Siemens ProductCERT

SSA-693776: Multiple Vulnerabilities in Industrial Communication Devices based on SINEC OS before V3.2

Publication Date:	2025-06-10
Last Update:	2025-06-10
Current Version:	V1.0
CVSS v3.1 Base Score:	6.5
CVSS v4.0 Base Score:	7.1

SUMMARY

Several Industrial Communication Devices based on SINEC OS before V3.2 contain multiple vulnerabilities that could allow an attacker to circumvent authorization checks and perform actions that exceed the permissions of the "guest" role.

Siemens has released new versions for the affected products and recommends to update to the latest versions.

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
RUGGEDCOM RST2428P (6GK6242-6PA00) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XC-300 family	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XC316-8 (6GK5324-8TS00-2AC2) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XC324-4 (6GK5328-4TS00-2AC2) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XC332 (6GK5332-0GA00-2AC2) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XC-400 family	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XC416-8 (6GK5424-8TR00-2AC2) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XC424-4 (6GK5428-4TR00-2AC2) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XC432 (6GK5432-0GR00-2AC2) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XCM-/XRM-/XCH-/XRH-300 family	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XCH328 (6GK5328-4TS01-2EC2) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XCM324 (6GK5324-8TS01-2AC2) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XCM328 (6GK5328-4TS01-2AC2) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XCM332 (6GK5332-0GA01-2AC2) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XM-400/XR-500 family	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR-500 family	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR502-32 (6GK5534-5TR00-2AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR502-32 (6GK5534-5TR00-3AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR502-32 (6GK5534-5TR00-4AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR522-12 (6GK5534-3TR00-2AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR522-12 (6GK5534-3TR00-3AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR522-12 (6GK5534-3TR00-4AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR526-8 (6GK5534-2TR00-2AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR526-8 (6GK5534-2TR00-3AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR526-8 (6GK5534-2TR00-4AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR-300 (6GK5334-xTSxx) family	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR302-32 (6GK5334-5TS00-2AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR302-32 (6GK5334-5TS00-3AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR302-32 (6GK5334-5TS00-4AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR322-12 (6GK5334-3TS00-2AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR322-12 (6GK5334-3TS00-3AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR322-12 (6GK5334-3TS00-4AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR326-8 (6GK5334-2TS00-2AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR326-8 (6GK5334-2TS00-3AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR326-8 (6GK5334-2TS00-4AR3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/
SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) All versions < V3.2 affected by all CVEs CVE-2025-40567 CVE-2025-40568 CVE-2025-40569	Update to V3.2 or later version https://support.industry.siemens.com/cs/ww/en/view/109988839/

WORKAROUNDS AND MITIGATIONS

Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

RUGGEDCOM RST2428P is a SINEC OS-based Layer 2 Ethernet switch with up to 28 non-blocking interfaces.

SCALANCE X switches are used to connect industrial components like Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs).

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2025-40567

The "Load Rollback" functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to make the affected product roll back configuration changes made by privileged users.

CVSS v3.1 Base Score	6.5
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0 Base Score	7.1
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CWE	CWE-863: Incorrect Authorization

Vulnerability CVE-2025-40568

An internal session termination functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to terminate legitimate users' sessions.

CVSS v3.1 Base Score	4.3
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS v4.0 Base Score	5.3
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CWE	CWE-863: Incorrect Authorization

Vulnerability CVE-2025-40569

The "Load Configuration from Local PC" functionality in the web interface of affected products contains a race condition vulnerability. This could allow an authenticated remote attacker to make the affected product load an attacker controlled configuration instead of the legitimate one. Successful exploitation requires that a legitimate administrator invokes the functionality and the attacker wins the race condition.

CVSS v3.1 Base Score	4.8
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
CVSS v4.0 Base Score	5.9
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CWE	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2025-06-10):

Publication Date

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.