OTPulse

Siemens Scalance W-7xx Product Family Multiple Vulnerabilities

Act Now | ICS-CERT ICSA-13-213-01 | May 4, 2013
Summary

The Siemens Scalance W-7xx product family contains authentication bypass vulnerabilities (CWE-287) and improper resource validation (CWE-1392). An attacker can bypass authentication mechanisms or other security protections on the wireless access points. No patches are available from Siemens for any affected product in this family.

What this means
What could happen
An attacker with network access to a Scalance W-7xx wireless access point could bypass authentication or modify device configuration without proper credentials, potentially gaining control over the industrial network segment the device manages.
Who's at risk
Operators of industrial networks using Siemens Scalance W-7xx wireless access points are affected, particularly those in manufacturing, water utilities, and power distribution who rely on these devices for wireless connectivity to field devices, RTUs, or HMIs. The W-7xx line is a legacy product family used for secure industrial wireless networking.
How it could be exploited
An attacker on the network (or remotely if the device is internet-facing) sends specially crafted requests to the Scalance W-7xx device. The device fails to properly validate credentials or check authentication, allowing the attacker to execute administrative actions like configuration changes or credential extraction without logging in.
Prerequisites
  • Network access to the Scalance W-7xx device (port 80/443 HTTP/HTTPS or management interface)
  • No valid credentials required for exploitation
No authentication required | Low complexity | High EPSS score (11.1%) | No patch available | Remotely exploitable
Exploitability
High exploit probability (EPSS 11.1%)
Affected products (19)
19 pending
Product                 Affected Versions    Fix Status
SCALANCE: W744-1        W744-1               No fix yet
SCALANCE: W746-1        W746-1               No fix yet
SCALANCE: W747-1        W747-1               No fix yet
SCALANCE: W744-1PRO     W744-1PRO            No fix yet
SCALANCE: W746-1PRO     W746-1PRO            No fix yet
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation to restrict access to Scalance W-7xx devices to authorized engineering and IT personnel only. Use firewall rules to limit traffic to management ports.
WORKAROUND: Disable remote management interfaces on Scalance W-7xx devices if not required for operations. Use local console-only management when possible.
HARDENING: Enable and enforce strong authentication on the Scalance W-7xx management interface. Change any default credentials and use complex passphrases.
Long-term hardening
HARDENING: Monitor Scalance W-7xx devices for unauthorized configuration changes or access attempts. Review logs regularly for suspicious activity.
HARDENING: Contact Siemens to determine end-of-life status for your Scalance W-7xx models and plan replacement with current-generation products that receive security updates.