OTPulse

Multiple Vulnerabilities in SCALANCE W1750D

Act Now | CVSS 9.8 | SSA-280624 | Oct 12, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The SCALANCE W1750D wireless access point contains multiple vulnerabilities, including command injection (CWE-77, CWE-352) and buffer overflow flaws (CWE-120, CWE-22, CWE-311), that allow unauthenticated remote code execution or denial of service. An attacker with network access could execute arbitrary commands without valid credentials. Siemens has released firmware updates for most versions, but devices running version 8.7.1.9 or later currently have no patch available.

What this means
What could happen
An attacker on the network could run arbitrary commands on the SCALANCE W1750D wireless access point without authentication, potentially disrupting network connectivity to connected industrial devices or altering device configuration.
Who's at risk
Water and electric utility operators managing wireless networks with SCALANCE W1750D access points. This device typically provides wireless connectivity to field instruments, remote monitoring devices, and maintenance workstations. Any disruption affects communication with these connected devices.
How it could be exploited
An attacker with network access to the W1750D could send specially crafted input to trigger command injection or buffer overflow vulnerabilities, executing arbitrary code with device privileges. This could happen directly from the Internet if the device is Internet-facing, or from within the network perimeter.
Prerequisites
  • Network access to the SCALANCE W1750D (IP reachable from attacker position)
  • No authentication required
  • Device running vulnerable firmware version (< 8.7.1.3 or 8.7.1.9+)
Risk factors
  • Remotely exploitable
  • No authentication required
  • Low complexity
  • Multiple vulnerability types (command injection and buffer overflow)
  • Affects network infrastructure device that may be Internet-facing
  • Some versions have no fix available
Exploitability
Moderate exploit probability (EPSS 3.6%)
Affected products (3)
2 with fix, 1 pending
Product | Affected Versions | Fix Status
SCALANCE W1750D | < V8.7.1.3 | 8.7.1.3
SCALANCE W1750D | ≥ 8.7.1.9 | No fix yet
SCALANCE W1750D | ≥ V8.7.1.3 < V8.7.1.9 | 8.7.1.9
Remediation & Mitigation
Do now
SCALANCE W1750D
HARDENING: Implement network access controls to restrict direct access to the SCALANCE W1750D management interface to authorized administrative networks only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SCALANCE W1750D
HOTFIX: Update SCALANCE W1750D firmware to version 8.7.1.3 or later if currently running version earlier than 8.7.1.3
HOTFIX: Update SCALANCE W1750D firmware to version 8.7.1.9 or later if currently running version 8.7.1.3 through 8.7.1.8
Long-term hardening
HARDENING: Monitor the Siemens security page for additional patches or workarounds for devices running version 8.7.1.9 or later
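
An added example, not part of the advisory or any Siemens tooling: a Python triage that maps each access point in an inventory to the remediation row that applies to it, using the version ranges from the affected-products table above exactly as stated. The `hostname,firmware` inventory format, the hostnames and the sample versions are constructed assumptions. Versions are compared as integer tuples so that a value such as 8.10.0.2 is not sorted below 8.7.1.3 by string comparison.

```python
import re

# Fix boundaries copied from this page's affected-products table.
FIX_FIRST, FIX_SECOND = (8, 7, 1, 3), (8, 7, 1, 9)
UNKNOWN = "UNKNOWN: confirm firmware version on the device"
TO_8713 = "HOTFIX: update to 8.7.1.3 or later"
TO_8719 = "HOTFIX: update to 8.7.1.9 or later"
NO_FIX = "NO FIX YET: restrict management access, monitor Siemens security page"

def parse_version(text):
    """Parse 'V8.7.1.3' or '8.7.1.3' into an int tuple; None if not a version."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+){0,3})\s*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad short versions with zeros

def triage(version_text):
    """Map one firmware string to the remediation row that applies to it."""
    v = parse_version(version_text)
    if v is None:
        return UNKNOWN
    if v < FIX_FIRST:
        return TO_8713
    return TO_8719 if v < FIX_SECOND else NO_FIX

def triage_inventory(text):
    """Group hosts from 'hostname,firmware' lines by required action."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        host, _, firmware = line.partition(",")
        report.setdefault(triage(firmware), []).append(host.strip())
    return report

# Constructed sample inventory, one 'hostname,firmware' pair per line.
SAMPLE_INVENTORY = """\
ap-pump-01,V8.7.1.1
ap-substation-02,8.7.1.3
ap-yard-03,V8.7.1.8
ap-gate-04,8.7.1.9
ap-lab-05,8.10.0.2
ap-spare-06,n/a
"""
if __name__ == "__main__":
    for action, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{action}: {', '.join(hosts)}")
```

Hosts that land in the UNKNOWN group should be checked on the device itself before being treated as patched.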