Multiple Vulnerabilities fixed in SCALANCE W700 IEEE 802.11ax devices before V3.0.0

Act Now9.8SSA-769027Feb 11, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SCALANCE W700 IEEE 802.11ax wireless access points contain multiple critical vulnerabilities affecting confidentiality, integrity, and availability. The vulnerabilities span weak cryptography (CWE-326), memory safety issues (CWE-787, CWE-416, CWE-125), authentication bypass, and insecure deserialization. Devices are vulnerable to arbitrary code execution, credential theft, network disruption, and loss of encryption protections without authentication or user interaction required. All SCALANCE W700 series devices (WAB762, WAM763, WAM766, WUB762, WUM763, WUM766 models in all regional variants) running firmware before V3.0.0 are affected.

What this means

What could happen

An attacker with network access to these wireless access points could run arbitrary code, intercept communications, or cause the device to stop functioning. This could disrupt network connectivity for connected industrial devices like PLCs, sensors, and remote I/O modules that depend on these access points.

Who's at risk

Water utilities and electric utilities operating wireless industrial networks should prioritize this. SCALANCE W700 series access points are commonly used to provide wireless connectivity for mobile devices, temporary instrumentation, and remote monitoring terminals in plants and substations. Any facility using these devices for industrial automation or SCADA network connectivity is affected.

How it could be exploited

An attacker on the network could send a specially crafted packet or request to the wireless access point. Due to the lack of authentication required and the low complexity of exploitation, the attacker can trigger memory corruption, weak encryption bypass, or other flaws without needing valid credentials or special access.

Prerequisites

Network access to the wireless access point on port 80/443 or via wireless connection
No authentication or special credentials required
Device running firmware version prior to V3.0.0

remotely exploitableno authentication requiredlow complexityhigh EPSS score (88.5%)critical CVSS (9.8)affects network infrastructuremultiple vulnerability typesintegrity and availability impact

Exploitability

High exploit probability (EPSS 88.5%)

Affected products (17)

17 with fix

ProductAffected VersionsFix Status

SCALANCE WAB762-1< V3.0.03.0.0

SCALANCE WAM763-1< V3.0.03.0.0

SCALANCE WAM763-1 (ME)< V3.0.03.0.0

SCALANCE WAM763-1 (US)< V3.0.03.0.0

SCALANCE WAM766-1< V3.0.03.0.0

Remediation & Mitigation

0/1

Do now

0/1

HOTFIXUpdate SCALANCE W700 IEEE 802.11ax devices to firmware version V3.0.0 or later

CVEs (72)

CVE-2022-2588 CVE-2022-2663 CVE-2022-3524 CVE-2022-4304 CVE-2022-4450 CVE-2022-39188 CVE-2022-39842 CVE-2022-40303 CVE-2022-40304 CVE-2022-43750 CVE-2022-47069 CVE-2022-47929 CVE-2023-0045 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0590 CVE-2023-1073 CVE-2023-1074 CVE-2023-1118 CVE-2023-1206 CVE-2023-1380 CVE-2023-1670 CVE-2023-2194 CVE-2023-3446 CVE-2023-3611 CVE-2023-4623 CVE-2023-4921 CVE-2023-5363 CVE-2023-5678 CVE-2023-5717 CVE-2023-6129 CVE-2023-6237 CVE-2023-7250 CVE-2023-23454 CVE-2023-23455 CVE-2023-23559 CVE-2023-26545 CVE-2023-28484 CVE-2023-28578 CVE-2023-29469 CVE-2023-31085 CVE-2023-31315 CVE-2023-35001 CVE-2023-39192 CVE-2023-39193 CVE-2023-42754 CVE-2023-43522 CVE-2023-44320 CVE-2023-44322 CVE-2023-45853 CVE-2023-45863 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 CVE-2024-0727 CVE-2024-2511 CVE-2024-4603 CVE-2024-4741 CVE-2024-5535 CVE-2024-6119 CVE-2024-9143 CVE-2024-23814 CVE-2024-26306 CVE-2024-33016 CVE-2024-50560 CVE-2024-50561 CVE-2024-50572 CVE-2025-24499 CVE-2025-24532

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/650f1e70-3bca-4371-814a-ad0d857c703e