Multiple Vulnerabilities in SCALANCE W1750D

Act Now9.8SSA-506569Nov 8, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The SCALANCE W1750D device contains multiple vulnerabilities including command injection (CWE-77), buffer overflow (CWE-120), unvalidated input handling (CWE-20), and stored cross-site scripting (CWE-79). These could allow unauthenticated remote code execution, denial of service, or stored XSS attacks. Affected versions are before V8.7.1.11 (JP, ROW, and USA variants).

What this means

What could happen

An attacker could execute arbitrary commands on the SCALANCE W1750D wireless access point without authentication, potentially allowing them to modify network traffic, disconnect critical devices, or pivot into your operational network. A successful attack could disrupt communications with field devices and automation systems.

Who's at risk

This affects organizations using Siemens SCALANCE W1750D wireless access points in industrial networks, including water utilities and electric utilities that rely on these devices for plant floor connectivity and remote monitoring. Any facility using these access points for critical process communication or SCADA/ICS connectivity should prioritize remediation.

How it could be exploited

An attacker on the network can send specially crafted requests to the W1750D to exploit the command injection or buffer overflow vulnerabilities without providing credentials. By sending malicious input through the device's web interface or network services, the attacker can trigger code execution or cause the device to crash and deny service to connected devices.

Prerequisites

Network access to the SCALANCE W1750D device (typically on the industrial network segment)
Device running firmware version before V8.7.1.11
No authentication required for exploitation

remotely exploitableno authentication requiredlow complexityhigh EPSS score (14.7%)unauthenticated remote code execution possible

Exploitability

High exploit probability (EPSS 14.7%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

SCALANCE W1750D (JP)< V8.7.1.118.7.1.11

SCALANCE W1750D (ROW)< V8.7.1.118.7.1.11

SCALANCE W1750D (USA)< V8.7.1.118.7.1.11

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

SCALANCE W1750D (ROW)

HOTFIXUpdate SCALANCE W1750D firmware to V8.7.1.11 or later for all regional variants (JP, ROW, USA)

CVEs (13)

CVE-2002-20001 CVE-2022-37885 CVE-2022-37886 CVE-2022-37887 CVE-2022-37888 CVE-2022-37889 CVE-2022-37890 CVE-2022-37891 CVE-2022-37892 CVE-2022-37893 CVE-2022-37894 CVE-2022-37895 CVE-2022-37896

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7f78765a-d01d-4397-81ca-4e64fb741482