Multiple Vulnerabilities in SCALANCE W1750D
Act Now | CVSS 9.8 | SSA-843070 | Oct 10, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The SCALANCE W1750D wireless access point contains multiple vulnerabilities in command handling and buffer operations (CWE-120, CWE-20, CWE-77, CWE-200) that allow unauthenticated remote attackers to inject commands, trigger buffer overflows, and potentially execute arbitrary code. This could lead to unauthorized access, sensitive data disclosure, denial of service, or loss of control over network-connected devices. Siemens has released firmware version 8.10.0.6 and later to remediate these issues.
What this means
What could happen
An unauthenticated attacker on the network could inject commands or trigger buffer overflows on the SCALANCE W1750D wireless access point, potentially executing code remotely to disrupt network connectivity, steal configuration data, or gain control of communications infrastructure serving your plant.
Who's at risk
Plant or utility operations relying on SCALANCE W1750D wireless access points for field device communications, control network connectivity, or plant management traffic. Particularly critical if the device bridges between your IT network and OT control systems.
How it could be exploited
An attacker with network access to the device sends malicious input, without authentication, that exploits the command injection or buffer overflow vulnerabilities in the firmware. Successful exploitation allows arbitrary command execution on the access point, which sits between your control network and plant devices.
Prerequisites
- Network access to the SCALANCE W1750D device (typically reachable from your control network or, if the device is internet-facing, from the internet)
- No credentials required
Tags: remotely exploitable, no authentication required, low complexity, affects network infrastructure, CVSS 9.8 (critical)
Exploitability
Moderate exploit probability (EPSS 1.3%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
SCALANCE W1750D (JP) | < V8.10.0.6 | 8.10.0.6
SCALANCE W1750D (ROW) | < V8.10.0.6 | 8.10.0.6
SCALANCE W1750D (USA) | < V8.10.0.6 | 8.10.0.6
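An added example, not part of the advisory or any Siemens tooling: a firmware audit that classifies an asset inventory against the fixed version 8.10.0.6. It compares versions numerically, because a plain string comparison ranks "8.9.0.0" above "8.10.0.6" and would report a vulnerable device as fixed. The inventory rows, hostnames, the accepted version-string formats and the function names are assumptions made for the illustration.

```python
import re

FIXED = (8, 10, 0, 6)  # first fixed firmware version per the advisory

def parse_version(text):
    """Turn 'V8.10.0.6' or '8.7.1.3_build' into a 4-tuple of ints; None if unparseable."""
    # Assumed format: optional 'V', 2-4 dotted numbers, optional build suffix.
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+){1,3})(?:[-_ ].*)?", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))  # pad '8.10' to (8, 10, 0, 0)
    return tuple(parts)

def is_affected(version_text):
    """True if below 8.10.0.6, False if fixed, None if the string cannot be parsed."""
    v = parse_version(version_text)
    return None if v is None else v < FIXED

def audit(inventory):
    """Classify (hostname, model, firmware) rows; rows for other models are skipped."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, model, fw in inventory:
        if "W1750D" not in model.upper():
            continue
        state = is_affected(fw)
        key = "unknown" if state is None else ("affected" if state else "fixed")
        report[key].append(host)
    return report

# Constructed sample inventory: hostnames and firmware strings are made up.
SAMPLE = [
    ("ap-line1", "SCALANCE W1750D (ROW)", "V8.7.1.3"),
    ("ap-line2", "SCALANCE W1750D (USA)", "8.10.0.6"),
    ("ap-yard",  "SCALANCE W1750D (JP)",  "8.9.0.0"),
    ("ap-lab",   "SCALANCE W1750D (ROW)", "8.10.0.9_build1"),
    ("ap-old",   "SCALANCE W1750D (ROW)", "unknown"),
    ("sw-core",  "Other switch",          "5.2.6"),
]

if __name__ == "__main__":
    for state, hosts in audit(SAMPLE).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Devices that land in "unknown" need a manual version check before they are counted as remediated.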
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the SCALANCE W1750D device using firewall rules to only trusted management IP addresses and control network subnets
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update SCALANCE W1750D firmware to version 8.10.0.6 or later
Long-term hardening
HARDENING: Segregate the access point on a separate management VLAN to limit lateral movement if the device is compromised
CVEs (13)