OTPulse

ICSA-19-134-07 Siemens SCALANCE W1750D

Act Now | CVSS 9.8 | ICS-CERT ICSA-19-134-07 | May 14, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

The SCALANCE W1750D wireless access point contains multiple vulnerabilities (CWE-77 command injection, CWE-200 information exposure, CWE-79 cross-site scripting) in versions before 8.4.0.1. The vulnerabilities are in the web-based management interface and can be exploited remotely with no authentication or user interaction required. The CVSS score is 9.8 (critical). The EPSS score is 28.6%, indicating a high likelihood of exploitation.

What this means
What could happen
An attacker can gain full control of the wireless access point from the network, potentially allowing them to intercept, redirect, or block communications between your plant devices and the business network. This could disrupt SCADA communications, VPN connections, or prevent remote monitoring of critical systems.
Who's at risk
This affects organizations operating Siemens SCALANCE W1750D wireless access points, which are commonly deployed in industrial facilities for SCADA network connectivity, remote monitoring, and plant-to-office communications. Any facility using this device for critical network connectivity should prioritize remediation.
How it could be exploited
An attacker on the network sends a specially crafted request to the web management interface on port 80 or 443. No credentials are needed. The request exploits a command injection flaw (CWE-77) in the interface to execute arbitrary commands on the device, gaining administrative control. The attacker can then reconfigure the device, steal credentials, or install persistent malware.
Prerequisites
  • Network access to the SCALANCE W1750D web management interface (port 80 or 443)
  • No valid credentials required
  • Device running firmware version 8.4.0.0 or earlier
Remotely exploitable · No authentication required · Low complexity attack · High EPSS score (28.6%) · CVSS critical (9.8) · Network infrastructure device
Exploitability
High exploit probability (EPSS 28.6%)
Affected products (1)
Product | Affected Versions | Fix Status
SCALANCE W1750D | <V8.4.0.1 | 8.4.0.1 or later
Remediation & Mitigation
Do now
  • WORKAROUND: Restrict access to the web-based management interface to internal network or VPN only using firewall rules
  • WORKAROUND: Do not browse external websites or click external links while authenticated to the administrative web interface
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade SCALANCE W1750D to firmware version 8.4.0.1 or later
Long-term hardening
  • HARDENING: Isolate the SCALANCE W1750D and other wireless access points from the business network using network segmentation
  • HARDENING: Ensure the device is not accessible from the Internet and is located behind firewalls
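
The triage below is an added example, not code from OTPulse or Siemens: it sorts a constructed asset inventory into remediation buckets using the 8.4.0.1 fix version and management ports 80/443 stated above. The record fields (`name`, `model`, `firmware`, `mgmt_ports_reachable_from_untrusted`), the bucket names and the accepted version-string format are assumptions.

```python
import re

# Values taken from the advisory text above.
FIXED_VERSION = (8, 4, 0, 1)   # first fixed firmware
MGMT_PORTS = {80, 443}         # web management interface

_VERSION_RE = re.compile(r"[Vv]?(\d+(?:\.\d+){0,3})")


def parse_firmware(text):
    """Return the version as a 4-tuple of ints, or None if it is not a plain dotted version."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(device):
    """Classify one inventory record (hypothetical schema) against ICSA-19-134-07."""
    if device["model"].strip().upper() != "SCALANCE W1750D":
        return "not-applicable"
    version = parse_firmware(device["firmware"])
    if version is None:
        return "verify-manually"      # unknown format: do not guess, check the device
    if version >= FIXED_VERSION:      # tuple compare is numeric, so 8.10 > 8.4
        return "fixed"
    # Assumed field: management ports a scan from outside the management network reached.
    reachable = MGMT_PORTS & set(device.get("mgmt_ports_reachable_from_untrusted", []))
    return "affected-exposed" if reachable else "affected-restricted"


# Constructed sample inventory, not data from the advisory.
INVENTORY = [
    {"name": "ap-line1", "model": "SCALANCE W1750D", "firmware": "V8.3.0.9",
     "mgmt_ports_reachable_from_untrusted": [443]},
    {"name": "ap-line2", "model": "SCALANCE W1750D", "firmware": "8.4.0.0",
     "mgmt_ports_reachable_from_untrusted": []},
    {"name": "ap-yard", "model": "SCALANCE W1750D", "firmware": "V8.4.0.1"},
    {"name": "ap-lab", "model": "scalance w1750d", "firmware": "8.10.0.0"},
    {"name": "ap-dock", "model": "SCALANCE W1750D", "firmware": "unknown"},
    {"name": "sw-core", "model": "generic-switch", "firmware": "1.0"},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(f'{dev["name"]:<10} {dev["firmware"]:<10} {triage(dev)}')
```

Devices in `affected-exposed` need the access restriction applied first; `affected-restricted` devices still need the firmware upgrade in a maintenance window.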