Siemens SCALANCE

Plan PatchCVSS 9.1ICS-CERT ICSA-26-111-07Apr 14, 2026

Siemens

Attack path

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

SCALANCE W-700 IEEE 802.11n wireless access points (all models, firmware versions before 6.6.0) contain multiple vulnerabilities including authentication bypass, input validation failures, and resource exhaustion issues (CWE-306, CWE-287, CWE-74, CWE-354, CWE-20, CWE-125, CWE-835, CWE-862, CWE-770, CWE-80). These weaknesses allow an attacker within Wi-Fi range to bypass authentication controls, inject malicious input, and potentially execute arbitrary commands on the device. Siemens has released firmware version 6.6.0 as a fix.

What this means

What could happen

An attacker within Wi-Fi range of a SCALANCE W-700 wireless access point could bypass authentication, inject arbitrary commands, or cause the device to stop operating. This could disrupt network connectivity to field devices, PLCs, or remote I/O modules that depend on the wireless link.

Who's at risk

Water utilities, electric utilities, and manufacturing facilities using Siemens SCALANCE W-700 series wireless access points (models W721, W722, W734, W738, W748, W761, W774, W778, W786, W788) for industrial network connectivity. Any facility relying on these devices to connect remote field equipment or wireless I/O modules is affected.

How it could be exploited

An attacker positioned within Wi-Fi range of an affected SCALANCE device can exploit multiple authentication and input validation weaknesses to gain administrative access or execute code. The attacker does not need valid credentials or to be on the corporate network—only proximity to the wireless signal is required.

Prerequisites

Attacker must be within Wi-Fi range of the SCALANCE W-700 access point
No valid credentials required

remotely exploitableno authentication requiredlow complexityaffects industrial network connectivity

Exploitability

Some exploitation risk — EPSS score 5.9%

Affected products (23)

23 with fix

ProductAffected VersionsFix Status

SCALANCE W721-1 RJ45< 6.6.06.6.0

SCALANCE W722-1 RJ45< 6.6.06.6.0

SCALANCE W734-1 RJ45< 6.6.06.6.0

SCALANCE W734-1 RJ45 (USA)< 6.6.06.6.0

SCALANCE W738-1 M12< 6.6.06.6.0

Remediation & Mitigation

0/4

Do now

0/3

WORKAROUNDDisable A-MSDU on SCALANCE W-700 devices

HARDENINGReduce Wi-Fi transmission power on SCALANCE W-700 devices to minimize the range at which they can be accessed from outside your facility

HARDENINGEnsure SCALANCE W-700 devices are installed only in physically controlled areas with access restrictions to prevent unauthorized approach

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all SCALANCE W-700 devices running firmware versions below 6.6.0 to version 6.6.0 or later

CVEs (15)

CVE-2020-24588 CVE-2020-26139 CVE-2020-26140 CVE-2020-26141 CVE-2020-26143 CVE-2020-26144 CVE-2020-26146 CVE-2020-26147 CVE-2021-3712 CVE-2022-0778 CVE-2022-31765 CVE-2022-36323 CVE-2022-36324 CVE-2022-36325 CVE-2023-44373

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ec8b4f82-3efb-49e8-ac10-10c0c50d9e49

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.