Multiple Vulnerabilities in SCALANCE W1750D

Act Now9.8SSA-917476Nov 9, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The SCALANCE W1750D wireless switch contains multiple vulnerabilities (buffer overflow, command injection, path traversal, resource exhaustion) that allow an unauthenticated attacker on the network to execute arbitrary code, read sensitive files, or cause denial of service. Affected versions: < V8.7.1.3 and V8.7.1.3 through V8.7.1.8. Siemens recommends updating to V8.7.1.9 or later.

What this means

What could happen

An attacker with network access to the SCALANCE W1750D wireless industrial switch could run code on the device, read sensitive files, or crash it—disrupting network connectivity to critical equipment like PLCs, RTUs, or field devices in water treatment, power distribution, or manufacturing environments.

Who's at risk

Organizations operating industrial wireless networks rely on the SCALANCE W1750D to bridge wireless field devices and wired plant networks. This affects water utilities, electric utilities, and manufacturing plants that depend on the device for real-time communication to remote tanks, pumps, generators, and automation equipment. Any facility using this switch for critical OT communications is at risk.

How it could be exploited

An attacker on the network sends a crafted request to the SCALANCE W1750D's management interface (no authentication required due to CWE-77 and CWE-119 issues). This triggers a buffer overflow, path traversal, or code injection flaw that allows remote code execution or arbitrary file read on the device.

Prerequisites

Network reachability to the SCALANCE W1750D device (likely port 80/443 for management interface)
Device running vulnerable firmware version (< V8.7.1.9)

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)affects network infrastructure critical to operations

Exploitability

Moderate exploit probability (EPSS 2.7%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

SCALANCE W1750D< V8.7.1.38.7.1.3

SCALANCE W1750D≥ V8.7.1.3 < V8.7.1.98.7.1.9

Remediation & Mitigation

0/3

Do now

0/2

SCALANCE W1750D

HARDENINGRestrict network access to the SCALANCE W1750D management interface using firewall rules or network segmentation—allow only authorized workstations/engineering devices

All products

WORKAROUNDDisable or limit the W1750D's management interface if not in active use

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

SCALANCE W1750D

HOTFIXUpdate SCALANCE W1750D firmware to version 8.7.1.3 or later (8.7.1.9 recommended)

CVEs (6)

CVE-2021-37726 CVE-2021-37727 CVE-2021-37730 CVE-2021-37732 CVE-2021-37734 CVE-2021-37735

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/290216c3-4220-4a75-ab40-d84e78a58216