PatchSiren cyber security CVE debrief

CVE-2020-28398 Siemens CVE debrief

A cross-site request forgery (CSRF) vulnerability in the CLI feature of the Siemens RUGGEDCOM ROX II web interface allows attackers to read or modify device configuration by tricking authenticated users into opening malicious links. The vulnerability carries a HIGH severity CVSS 8.8 score, with a network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability. The issue was published by CISA on December 10, 2024, with a revision on May 6, 2025 to fix typos. Siemens has released firmware version 2.16.0, which addresses this vulnerability.

Vendor: Siemens
Product: RUGGEDCOM ROX MX5000
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-12-10
Original CVE updated: 2025-05-06
Advisory published: 2024-12-10
Advisory updated: 2025-05-06

Who should care

Organizations operating Siemens RUGGEDCOM ROX II industrial networking devices in critical infrastructure environments, including electric utilities, transportation systems, and manufacturing facilities where these ruggedized switches and routers are deployed.

Technical summary

The CLI feature embedded in the web interface of Siemens RUGGEDCOM ROX II devices fails to implement adequate CSRF protections. An attacker can craft malicious links that, when opened by an authenticated administrator, execute unauthorized commands against the device's CLI interface. This enables reading sensitive configuration data or modifying operational parameters without the attacker needing direct access to credentials. The attack requires user interaction (opening a malicious link) but no authentication bypass, making it suitable for phishing campaigns targeting OT personnel.
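The control the summary says is missing, shown as an added illustration rather than Siemens code (the device's real handler is not on the page): a hypothetical web CLI endpoint that runs any request carrying a session cookie, beside a hardened version that requires POST, a same-origin Origin/Referer header and a per-session token. The device origin, session store and request shape are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Constructed device identity and session store (hypothetical, not ROX II internals).
DEVICE_ORIGIN = "https://rox-mgmt.example.internal"
SESSIONS = {"sess-1": {"user": "admin", "csrf_token": secrets.token_hex(32)}}


def handle_cli_request_vulnerable(request):
    """'Before' shape: any request with a valid session cookie is executed.
    A browser attaches the cookie to a request triggered by a link on another
    site, so the server cannot distinguish it from one the admin intended."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401, "login required"
    return 200, f"ran: {request['params'].get('cmd')}"


def csrf_guard(request):
    """Return None if the request is acceptable, otherwise a rejection reason."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return "login required"
    # 1. CLI commands only over POST; a plain link produces a GET.
    if request["method"] != "POST":
        return "method not allowed"
    # 2. Origin (Referer as fallback) must be the device's own origin.
    origin = request["headers"].get("Origin") or request["headers"].get("Referer")
    if origin is None:
        return "missing origin"
    parsed = urlparse(origin)
    if f"{parsed.scheme}://{parsed.netloc}" != DEVICE_ORIGIN:
        return "cross-origin request"
    # 3. Per-session token a cross-site page cannot read; constant-time compare.
    token = request["params"].get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf_token"]):
        return "bad csrf token"
    return None


def handle_cli_request_hardened(request):
    """Same endpoint with the CSRF guard in front of command execution."""
    reason = csrf_guard(request)
    if reason is not None:
        return 403, reason
    return 200, f"ran: {request['params'].get('cmd')}"
```

The same cross-site request that the unguarded handler executes is rejected by the hardened one at the first failing check, so rejection reasons can also be logged to support the monitoring action recommended below.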

Defensive priority

HIGH

Recommended defensive actions

  • Apply vendor fix: Update affected RUGGEDCOM ROX II devices to firmware version 2.16.0 or later
  • Implement network segmentation to restrict web interface access to authorized management stations
  • Deploy defense-in-depth controls per CISA ICS recommended practices
  • Train operators to verify link authenticity before clicking while authenticated to device web interfaces
  • Monitor for unauthorized configuration changes on affected devices

Evidence notes

The vulnerability description and affected products are derived from CISA CSAF data, with Siemens as the canonical vendor source. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C indicates network accessibility, low complexity, no privileges required but user interaction needed, and high impact across all three security dimensions; its temporal metrics (E:P/RL:O/RC:C) record proof-of-concept exploit maturity, an official fix, and a confirmed report.

Official resources

The vulnerability was disclosed through CISA's ICS advisory program (ICSA-24-347-03) on December 10, 2024, with coordination from Siemens ProductCERT.