OTPulse

Multiple OpenSSL Vulnerabilities in SCALANCE W1750D Devices

Act Now · CVSS 7.4 · SSA-203374 · Mar 14, 2023
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

The SCALANCE W1750D device contains multiple vulnerabilities in the integrated OpenSSL component (CWE-326 weak cryptography, CWE-415/416 use-after-free, CWE-20 improper input validation) that allow an attacker to read memory contents, decrypt RSA-encrypted messages, or cause a denial of service condition.

What this means
What could happen
An attacker could read sensitive data from device memory (including encryption keys and credentials), decrypt encrypted communications between control devices, or crash the access point to disrupt wireless network connectivity to critical equipment. Loss of wireless connectivity could interrupt remote monitoring or control operations.
Who's at risk
Operators of Siemens SCALANCE W1750D wireless access points, commonly deployed as part of industrial wireless networks in manufacturing plants, refineries, and utilities. These devices are often used to extend network connectivity to field devices and remote PLC installations.
How it could be exploited
An attacker with network access to the SCALANCE W1750D (typically through the WiFi network or Ethernet management interface) could send specially crafted SSL/TLS handshake packets to trigger memory read or use-after-free conditions. No authentication is required. Successful exploitation could expose RSA private keys stored in device memory, allowing decryption of past communications, or crash the device to trigger a denial of service.
Prerequisites
  • Network access to the SCALANCE W1750D Ethernet management port or wireless SSID
  • No credentials required
  • Device must be running firmware version prior to 8.10.0.9
remotely exploitable · no authentication required · high EPSS score (88.5%) · affects wireless network infrastructure · could expose encryption keys
Exploitability
High exploit probability (EPSS 88.5%)
Affected products (3)
3 with fix
Product                  Affected Versions   Fix Status
SCALANCE W1750D (JP)     <V8.10.0.9          8.10.0.9
SCALANCE W1750D (ROW)    <V8.10.0.9          8.10.0.9
SCALANCE W1750D (USA)    <V8.10.0.9          8.10.0.9
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SCALANCE W1750D firmware to version 8.10.0.9 or later. Request the firmware update from Siemens customer support.
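
To plan the maintenance window, an asset inventory can be triaged against the fixed version 8.10.0.9. The following is an added example, not part of the advisory or any Siemens tooling; the CSV layout, hostnames and firmware values are constructed, and the comparison is numeric per field because a plain string comparison ranks 8.9.0.0 above 8.10.0.9.

```python
import csv
import io
import re

FIXED = (8, 10, 0, 9)  # first fixed firmware version, taken from the advisory

# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = """hostname,model,firmware
ap-line1,SCALANCE W1750D (ROW),V8.7.1.3
ap-line2,SCALANCE W1750D (USA),8.10.0.9
ap-yard,SCALANCE W1750D (JP),8.10.0.10
ap-tank,SCALANCE W1750D (ROW),8.9.0.0
ap-lab,SCALANCE W1750D (ROW),unknown
sw-core,SCALANCE XC208,4.3
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def classify(firmware):
    """Return 'vulnerable', 'fixed' or 'unknown' for one firmware string."""
    v = parse_version(firmware)
    if v is None:
        return "unknown"  # needs manual review, never assume patched
    # Pad to equal length so that 8.10 compares as 8.10.0.0.
    width = max(len(v), len(FIXED))
    v = v + (0,) * (width - len(v))
    fixed = FIXED + (0,) * (width - len(FIXED))
    return "vulnerable" if v < fixed else "fixed"

def triage(inventory_csv):
    """Map hostname -> status for every W1750D row in the inventory."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "W1750D" not in row["model"]:
            continue  # other device models are out of scope for this advisory
        result[row["hostname"]] = classify(row["firmware"])
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as unknown should be checked on the device itself before the window is scheduled.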