OTPulse
FeedAboutContact

Siemens SCALANCE W 1750D

Act Now9.8ICS-CERT ICSA-20-315-05Nov 10, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

The SCALANCE W1750D wireless access point contains an input validation flaw (CWE-20) that allows remote attackers to execute arbitrary code with full privileges. The vulnerability affects all versions of the device. Siemens has not released a firmware patch and recommends network isolation, firewall protection, and adherence to industrial security best practices as mitigations. The advisory notes that depending on network configuration and risk tolerance, no action may be required—however, this only applies if the device is already fully isolated from untrusted networks.

What this means
What could happen
An attacker with network access to the SCALANCE W1750D wireless access point could run arbitrary commands with full system privileges, compromising industrial network confidentiality, integrity, and availability. This could allow unauthorized control or monitoring of connected devices and process networks.
Who's at risk
Water utilities and municipal electric utilities operating wireless industrial networks using Siemens SCALANCE W1750D access points are affected. The device is commonly deployed as a wireless controller in control networks to provide connectivity for field devices, PLCs, and SCADA systems. Any organization relying on this device for critical process automation should prioritize network isolation and access controls.
How it could be exploited
An attacker on the network sends a specially crafted input packet to the SCALANCE W1750D (network-accessible wireless controller). Due to insufficient input validation, the device processes the malformed request and executes arbitrary code. No credentials or user interaction are required.
Prerequisites
  • Network access to the SCALANCE W1750D on port accessible to the attacker
  • No authentication required
Remotely exploitableNo authentication requiredLow complexity attackCritical severity (CVSS 9.8)No patch available from vendorHigh impact on confidentiality, integrity, and availability
Exploitability
Moderate exploit probability (EPSS 1.3%)
Affected products (1)
ProductAffected VersionsFix Status
SCALANCE W1750D: All versionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2
WORKAROUNDRestrict network access to SCALANCE W1750D devices using firewall rules—allow only authorized management and connected devices, deny all other inbound traffic
HARDENINGIsolate the wireless access point and its network segment from the business IT network with a DMZ or air gap; do not expose to the Internet
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGReview and apply Control Plane Security Best Practices guidance from Siemens, and follow Siemens industrial security guidelines for environment configuration
HOTFIXCheck for and install any available firmware updates for the SCALANCE W1750D, following Siemens update procedures
Mitigations - no patch available
0/1
SCALANCE W1750D: All versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGIf remote access is required, implement a secure VPN with the latest patched version and strong authentication
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/922c0570-0d36-4343-b445-cd24899a27f2
Siemens SCALANCE W 1750D | CVSS 9.8 - OTPulse