Siemens SCALANCE W1750D
Act Now8.4ICS-CERT ICSA-23-131-02May 9, 2023
Attack VectorAdjacent
Auth RequiredLow
ComplexityLow
User InteractionRequired
Summary
The SCALANCE W1750D wireless access point is vulnerable to Wi-Fi encryption bypass attacks known as "Framing Frames" that allow attackers within Wi-Fi range to decrypt and intercept traffic, potentially disclosing sensitive information or stealing user sessions. The vulnerability affects all regional variants (JP, ROW, USA) in firmware versions prior to 8.10.0.6. Siemens has released firmware updates to address the issue. The vulnerability is not remotely exploitable and requires the attacker to be physically near the device, but no public exploit is available yet.
What this means
What could happen
An attacker within radio range could bypass Wi-Fi encryption on the SCALANCE W1750D wireless access point, potentially intercepting sensitive data or stealing user sessions connected to the device.
Who's at risk
Water utilities, electric utilities, and other industrial facilities using SCALANCE W1750D wireless access points for remote monitoring or engineering workstation connectivity should prioritize this update. The device provides wireless network access that may carry credentials or configuration data for critical control systems.
How it could be exploited
An attacker must be physically within Wi-Fi range of the SCALANCE W1750D. They use "Framing Frames" wireless encryption bypass techniques to intercept and decrypt Wi-Fi traffic, capturing session credentials or sensitive information being transmitted through the device.
Prerequisites
- Physical proximity to the SCALANCE W1750D (within Wi-Fi broadcast range)
- Attacker must have basic Wi-Fi sniffing tools
- Device must be operating with affected firmware version below 8.10.0.6
Low complexity exploitationHigh EPSS score (20.4%)Wi-Fi encryption bypass vulnerabilityAffects wireless access control for industrial systems
Exploitability
High exploit probability (EPSS 20.4%)
Affected products (3)
3 with fix
ProductAffected VersionsFix Status
SCALANCE W1750D (JP)<V8.10.0.68.10.0.6
SCALANCE W1750D (ROW)<V8.10.0.68.10.0.6
SCALANCE W1750D (USA)<V8.10.0.68.10.0.6
Remediation & Mitigation
0/4
Do now
0/1WORKAROUNDDisable Wi-Fi access on the SCALANCE W1750D if it is not operationally required, reducing the attack surface
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
SCALANCE W1750D (ROW)
HOTFIXUpdate SCALANCE W1750D to firmware version 8.10.0.6 or later (available for JP, ROW, and USA variants)
Long-term hardening
0/2HARDENINGPhysically limit access to the SCALANCE W1750D deployment location to reduce attacker proximity opportunities
HARDENINGIsolate the SCALANCE W1750D and its connected wireless clients from untrusted network segments using firewall rules and network segmentation
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/74456c68-fa89-41ad-8488-8fe16b85d1eb