As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Scalance W1750D
- Vulnerabilities: Classic Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to exploit buffer overflow and information disclosure vulnerabilities which could lead to information disclosure or unauthenticated remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products of Siemens Scalance W1750D, a direct access point, are affected:
- Siemens SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0): All versions prior to V8.10.0.9
- Siemens SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0): All versions prior to V8.10.0.9
- Siemens SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0): All versions prior to V8.10.0.9
3.2 Vulnerability Overview
3.2.1 BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (‘CLASSIC BUFFER OVERFLOW’) CWE-120
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitra
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: