Multiple Vulnerabilities in Scalance W1750D

Act Now9.8SSA-716164Feb 13, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The SCALANCE W1750D wireless access point contains multiple vulnerabilities (CWE-120 buffer overflow, CWE-20 input validation, CWE-77 command injection) that allow unauthenticated remote code execution, denial of service, or sensitive information disclosure. Affected versions are all W1750D models (JP, ROW, USA variants) running firmware below V8.10.0.9. Siemens has released patched firmware V8.10.0.9.

What this means

What could happen

An attacker could remotely execute code on the Scalance W1750D wireless access point without authentication, potentially giving them control over your network connectivity or allowing them to disrupt wireless communications across your facility.

Who's at risk

Water authorities and utilities operating Siemens Scalance W1750D wireless access points used for industrial network connectivity. This affects all regional variants (JP, ROW, USA) of the W1750D model, which may be deployed in SCADA networks, remote terminal units, or other critical control system communications.

How it could be exploited

An attacker on the network or reachable from the internet could send specially crafted network packets to the W1750D's exposed interface, exploiting command injection or buffer overflow flaws to execute arbitrary commands with device privileges, or cause the device to crash and deny service.

Prerequisites

Network access to the Scalance W1750D device (no valid credentials required)
Device running vulnerable firmware version below V8.10.0.9

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)unauthenticated remote code execution possible

Exploitability

Low exploit probability (EPSS 0.9%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

SCALANCE W1750D (JP)<V8.10.0.98.10.0.9

SCALANCE W1750D (ROW)<V8.10.0.98.10.0.9

SCALANCE W1750D (USA)<V8.10.0.98.10.0.9

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SCALANCE W1750D devices to firmware version V8.10.0.9 or later

CVEs (14)

CVE-2023-45614 CVE-2023-45615 CVE-2023-45616 CVE-2023-45617 CVE-2023-45618 CVE-2023-45619 CVE-2023-45620 CVE-2023-45621 CVE-2023-45622 CVE-2023-45623 CVE-2023-45624 CVE-2023-45625 CVE-2023-45626 CVE-2023-45627

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b2e9dd56-be76-4e4c-baba-d616fe0462a6