Siemens SCALANCE W700

Plan PatchCVSS 9.1ICS-CERT ICSA-24-256-13Sep 10, 2024

Siemens

Attack path

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

A code injection vulnerability exists in Siemens SCALANCE W700 wireless devices (multiple models: WAB762-1, WAM763-1, WAM766-1 and variants, WUB762-1, WUM763-1, WUM766-1) in firmware versions prior to 2.4.0. The vulnerability is triggered through malicious code injection that could allow remote code execution on the affected device. The device's role in providing wireless connectivity to industrial equipment means successful exploitation could disrupt network communications for control systems and connected devices.

What this means

What could happen

An attacker with high privileges (administrative access) could inject malicious code into a SCALANCE W700 wireless device, gaining remote command execution and potentially disrupting network connectivity for industrial devices and control systems that depend on this device for wireless communications.

Who's at risk

Water utilities, electric utilities, and other industrial facilities using Siemens SCALANCE W700 series wireless devices (WAB762, WAM763, WAM766, WUB762, WUM763, WUM766) for industrial network connectivity. These devices are critical for wireless communication in control system environments where network interruption could disrupt monitoring and control of physical infrastructure.

How it could be exploited

An attacker with administrative credentials could inject code through the device's configuration or management interface (likely web-based). Once code is injected, it executes with the device's privileges, potentially allowing the attacker to modify routing, intercept traffic, or block wireless communications to connected industrial equipment.

Prerequisites

Administrative credentials or access to the device management interface
Network access to the device's management port or web interface (typically port 80/443)
Device running firmware version prior to V2.4.0

remotely exploitablehigh complexity attack (requires administrative credentials)affects network connectivity for control systemsCVSS 9.1 (critical)

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (16)

16 with fix

ProductAffected VersionsFix Status

SCALANCE WAB762-1<V2.4.02.4.0

SCALANCE WAM763-1<V2.4.02.4.0

SCALANCE WAM763-1 (ME)<V2.4.02.4.0

SCALANCE WAM763-1 (US)<V2.4.02.4.0

SCALANCE WAM766-1 (EU)<V2.4.02.4.0

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to the device management interface to authorized engineering workstations only using firewall rules or network segmentation

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all affected SCALANCE W700 devices to firmware version 2.4.0 or later

Long-term hardening

0/2

HARDENINGDisable remote management of wireless devices if not required for operations

HARDENINGEnsure SCALANCE W700 devices are located behind firewalls and isolated from direct internet access

CVEs (1)

CVE-2023-44373

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c450cd7a-0639-41e4-b634-5ca3891fdbaa

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.