January 20, 2020

CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.

June 12, 2019

The NCCIC has published an advisory on a storing passwords in recoverable format vulnerability in Siemens SCALANCE X. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to reconstruct passwords for users of the affected devices, if the attacker is able to obtain a backup of the device configuration. Siemens has identified specific workarounds and mitigations to reduce the risk. The NCCIC also advised on a series of mitigating measures for the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.