Wi-Fi Encryption Bypass Vulnerabilities in SCALANCE W1750D

Act Now8.4SSA-516174May 9, 2023

Attack VectorAdjacent

Auth RequiredLow

ComplexityLow

User InteractionRequired

Summary

SCALANCE W1750D wireless access points contain encryption bypass vulnerabilities affecting Wi-Fi communication security. The flaws allow an attacker with Wi-Fi proximity and a valid user credential to decrypt and intercept encrypted sessions, potentially stealing credentials or operational data. All regional variants (JP, ROW, USA) before firmware version 8.10.0.6 are affected. Siemens recommends immediate firmware update.

What this means

What could happen

An attacker with access to Wi-Fi traffic could decrypt and intercept communications with the SCALANCE W1750D, potentially stealing session credentials or sensitive operational data transmitted between the device and connected systems.

Who's at risk

Water utilities and municipal electric utilities that use SCALANCE W1750D wireless access points for remote equipment monitoring or operational technology networking. This device is commonly deployed to provide Wi-Fi connectivity for engineering workstations, HMI systems, or portable diagnostic tools in industrial facilities.

How it could be exploited

An attacker within Wi-Fi range of the SCALANCE W1750D could capture and decrypt encrypted wireless traffic using the identified encryption bypass flaw. With a valid user credential (one-time authentication required), the attacker could decrypt the session and intercept communications to steal credentials or operational commands.

Prerequisites

Wi-Fi network proximity to the SCALANCE W1750D
Ability to capture Wi-Fi traffic
Valid user credentials that have already authenticated to the device once (to establish encrypted session)

High CVSS score (8.4)Encryption bypass allows credential theftRequires one-time valid user credentialWi-Fi proximity required (limited range)High EPSS score (20.4%)

Exploitability

High exploit probability (EPSS 20.4%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

SCALANCE W1750D (JP)<V8.10.0.68.10.0.6

SCALANCE W1750D (ROW)<V8.10.0.68.10.0.6

SCALANCE W1750D (USA)<V8.10.0.68.10.0.6

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SCALANCE W1750D firmware to version 8.10.0.6 or later

HOTFIXContact Siemens customer support to obtain the latest firmware version if not immediately available

Long-term hardening

0/2

HARDENINGRestrict physical proximity to Wi-Fi access point or use Wi-Fi geofencing to limit which areas can connect to the SCALANCE W1750D

HARDENINGImplement network segmentation to isolate the SCALANCE W1750D on a dedicated VLAN with restricted access from the main network

CVEs (1)

CVE-2022-47522

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/df216b71-18d4-4ac4-841d-23294228405f