Multiple Vulnerabilities in Scalance W1750D

Act Now9.8SSA-885980Apr 9, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The SCALANCE W1750D wireless access point contains multiple vulnerabilities including a buffer overflow (CWE-120) that could allow an attacker to cause information disclosure or execute unauthenticated remote code execution. Affected versions are all releases prior to V8.10.0.9 across all regional variants (JP, ROW, USA).

What this means

What could happen

An attacker with network access could execute arbitrary commands on the SCALANCE W1750D wireless access point without authentication, potentially compromising network connectivity, intercepting traffic, or disrupting communications to field devices and control systems.

Who's at risk

Water authorities and electric utilities using SCALANCE W1750D wireless access points for remote field device connectivity, especially those in Japanese (JP), Rest-of-World (ROW), or USA market regions. This includes organizations that use these devices to bridge legacy equipment or provide wireless access to distributed sensors, pumps, and circuit breakers.

How it could be exploited

An attacker sends a specially crafted network request to the SCALANCE W1750D that exploits a buffer overflow vulnerability (CWE-120) in the device firmware. The device processes the malicious input without proper bounds checking, allowing the attacker to overwrite memory and execute arbitrary code with device privileges.

Prerequisites

Network access to the SCALANCE W1750D device
No authentication credentials required
Device running firmware version prior to V8.10.0.9

Remotely exploitableNo authentication requiredLow complexityAffects critical network infrastructure deviceBuffer overflow vulnerability (memory safety issue)

Exploitability

Moderate exploit probability (EPSS 1.7%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

SCALANCE W1750D (JP)<V8.10.0.98.10.0.9

SCALANCE W1750D (ROW)<V8.10.0.98.10.0.9

SCALANCE W1750D (USA)<V8.10.0.98.10.0.9

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGSegment the SCALANCE W1750D wireless access point to a protected network zone with firewall rules restricting management access to authorized engineering workstations only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SCALANCE W1750D firmware to version 8.10.0.9 or later

Long-term hardening

0/1

HARDENINGMonitor for unauthorized access attempts to the SCALANCE W1750D management interface and wireless configuration services

CVEs (3)

CVE-2023-35980 CVE-2023-35981 CVE-2023-35982

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/08a1117b-eeb9-450d-8e13-ae94708a6ed4