Siemens SCALANCE and RUGGEDCOM Products OpenVPN Authentication Vulnerability
Vulnerability
A vulnerability exists in multiple Siemens products, including the RUGGEDCOM RM1224 LTE(4G) EU and NAM models, various SCALANCE M800 and M812-1 ADSL-Router families, as well as the SCALANCE M874-2, M874-3, M876-3, M876-4, MUB852-1, MUM853-1, MUM856-1, S615 EEC LAN-Router, and the SC-600 family. All versions prior to 8.2.1 are affected. The affected devices do not properly validate usernames during OpenVPN authentication, which could allow an attacker to get partial invalid usernames accepted by the server.
Impact
Exploitation of this vulnerability could cause the OpenVPN server to accept partial invalid usernames, so authentication is not validated properly.
Remediation
Users of the SCALANCE M-800 family, including S615, MUM-800, and RM1224 models, should update to version 8.2.1 or later. For the SCALANCE SC-600 family, no fix is currently available, but users should apply a strong password policy and follow Siemens' operational guidelines for Industrial Security.
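As an added example (not from Siemens or from this advisory), the following helper applies the version boundary and the remediation split above to an asset list. The model-matching patterns, status labels and inventory entries are constructed for illustration, and listed models outside the SC-600 family are assumed to follow the 8.2.1 update path.

```python
import re

FIXED = (8, 2, 1)  # "All versions prior to 8.2.1 are affected"

# Patterns derived from the product names listed in this advisory.
# The regexes themselves are this example's own and may need tuning
# to match how your inventory spells model names.
AFFECTED = re.compile(r"\b(?:RM1224|M8\d{2}|MU[BM]85\d|S615|SC-?6\d{2})", re.I)
NO_FIX = re.compile(r"\bSC-?6\d{2}", re.I)  # SC-600 family: no fix available


def parse_version(text):
    """Turn 'V8.1' or '08.02.01' into a comparable 3-tuple, or None."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+){0,2})\s*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def triage(model, firmware):
    """Classify one device against the advisory (labels are hypothetical)."""
    if not AFFECTED.search(model):
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "check-manually"  # never guess on an unreadable version
    if version >= FIXED:
        return "not-affected"
    # Below 8.2.1: SC-600 can only be mitigated, the rest can be updated.
    return "mitigate-no-fix" if NO_FIX.search(model) else "update-to-8.2.1"


# Constructed sample inventory: (model string, reported firmware version)
INVENTORY = [
    ("SCALANCE M876-4", "V7.2.1"),
    ("RUGGEDCOM RM1224 LTE(4G) EU", "8.2.1"),
    ("SCALANCE S615 EEC LAN-Router", "V8.2"),
    ("SCALANCE SC636-2C", "V3.1"),
    ("SCALANCE MUM856-1", "unknown"),
]

if __name__ == "__main__":
    for model, firmware in INVENTORY:
        print(f"{model:32} {firmware:8} {triage(model, firmware)}")
```

Devices reported as `mitigate-no-fix` are the ones for which the strong password policy and Siemens' operational guidelines are the only measures this advisory offers.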
