Multiple Vulnerabilities in SCALANCE W1750D

Act Now9.8SSA-723417May 11, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The SCALANCE W1750D industrial wireless access point contains multiple input validation and buffer overflow vulnerabilities (CWE-287, CWE-120, CWE-77, CWE-20, CWE-362, CWE-79, CWE-80, CWE-400) that allow remote code execution without authentication. An attacker can send crafted network packets to trigger command injection or buffer overflows in the device firmware, gaining the ability to execute arbitrary commands on the access point. Siemens has released firmware updates that correct these issues.

What this means

What could happen

An attacker with network access could execute arbitrary code on the SCALANCE W1750D industrial wireless access point, potentially disrupting network connectivity for critical control systems or modifying network traffic in the facility.

Who's at risk

Water utilities, electric utilities, and industrial facilities that use SCALANCE W1750D industrial wireless access points for control system connectivity should prioritize this update. This device typically provides wireless network access for mobile maintenance devices, PLCs, or remote monitoring equipment in operational technology networks.

How it could be exploited

An attacker sends crafted network packets to the device that exploit input validation flaws (CWE-20) or buffer overflow conditions (CWE-120) in the device firmware. The device processes these packets without proper authentication, allowing command injection or code execution that runs with device privileges.

Prerequisites

Network access to SCALANCE W1750D on its management or service ports
No valid credentials required
Device running vulnerable firmware version (< 8.7.0 or 8.7.0 to 8.7.1.2)

Remotely exploitableNo authentication requiredLow complexity attackHigh EPSS score (40.3%)Actively exploited variants likely given severityAffects network infrastructure supporting control systems

Exploitability

High exploit probability (EPSS 40.3%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

SCALANCE W1750D< V8.7.08.7.0

SCALANCE W1750D≥ V8.7.0 and < V8.7.1.38.7.1.3

Remediation & Mitigation

0/4

Do now

0/1

SCALANCE W1750D

WORKAROUNDRestrict network access to SCALANCE W1750D management interfaces using firewall rules or network segmentation until firmware update can be applied

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

SCALANCE W1750D

HOTFIXUpdate SCALANCE W1750D firmware to version 8.7.0 or later (for devices running versions prior to 8.7.0)

HOTFIXUpdate SCALANCE W1750D firmware to version 8.7.1.3 or later (for devices running versions 8.7.0 through 8.7.1.2)

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate wireless access points from untrusted network segments

CVEs (21)

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/22b32274-4a7d-4b37-ad33-f689402f938e