PatchSiren

CVE-2020-24588 Siemens CVE debrief

CVE-2020-24588 describes a Wi-Fi integrity issue in the 802.11 handling of A-MSDU frames. In affected Siemens SCALANCE wireless devices, an attacker within Wi-Fi range may abuse the unauthenticated A-MSDU flag to inject arbitrary network packets. Siemens’ mitigation path is to update to V6.6.0 or later and, where possible, disable A-MSDU or reduce wireless exposure.

Vendor: Siemens
Product: SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0)
CVSS: LOW 3.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-14
Original CVE updated: 2026-04-21
Advisory published: 2026-04-14
Advisory updated: 2026-04-21

Who should care

OT/ICS operators, network defenders, and site administrators responsible for Siemens SCALANCE wireless infrastructure should review this issue, especially where devices operate in reachable RF areas and accept non-SSP A-MSDU frames.

Technical summary

The source advisory states that the 802.11 standard does not require authentication of the A-MSDU flag in the plaintext QoS header field. Against devices that support receiving non-SSP A-MSDU frames, which is mandatory as part of 802.11n, an adversary can abuse this weakness to inject arbitrary network packets. The advisory lists multiple Siemens SCALANCE W7xx wireless models as affected when running versions earlier than V6.6.0, and identifies V6.6.0 or later as the vendor fix.

Defensive priority

Medium

Recommended defensive actions

  • Upgrade affected Siemens SCALANCE devices to V6.6.0 or later, per the vendor advisory.
  • Disable A-MSDU if the device and deployment allow it.
  • Reduce Wi-Fi transmission power where possible to limit attack range.
  • Place affected devices in private or physically controlled areas when feasible.
  • Review wireless exposure for the listed SCALANCE models and prioritize systems that cannot be easily isolated.
  • Validate that compensating controls and monitoring cover packet-injection risk on trusted wireless links.
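
For the monitoring action above, this added example (not code from Siemens, CISA or PatchSiren) reads the plaintext A-MSDU Present bit described in the technical summary and lists frames that set it. It assumes raw 802.11 MAC frames with any capture header already stripped, and a link where A-MSDU has been disabled so that a set bit is an anomaly; the helper names and sample frames are constructed for illustration.

```python
import struct

AMSDU_PRESENT = 0x0080          # QoS Control bit 7
RA, TA, BSSID = (bytes.fromhex(h) for h in
                 ("020000000001", "020000000002", "020000000001"))

def inspect(frame: bytes):
    """Return header fields relevant to the A-MSDU flag, or None when the
    frame is not a QoS data frame that carries a payload."""
    if len(frame) < 24:
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    # Type 2 = Data; subtypes 8-11 are QoS frames with a body. In QoS Null
    # (12) and the other body-less subtypes, bit 7 is reserved.
    if ftype != 2 or (subtype & 0xC) != 0x8:
        return None
    wds = (fc & 0x0300) == 0x0300          # ToDS and FromDS: Address 4 present
    offset = 24 + (6 if wds else 0)
    if len(frame) < offset + 2:
        return None
    (qc,) = struct.unpack_from("<H", frame, offset)
    return {"transmitter": frame[10:16].hex(":"),
            "tid": qc & 0x000F,
            "protected": bool(fc & 0x4000),
            "amsdu_present": bool(qc & AMSDU_PRESENT)}

def unexpected_amsdu(frames):
    """Frames that set A-MSDU Present; with A-MSDU disabled on the link,
    each one is an anomaly to investigate."""
    return [i for i in map(inspect, frames) if i and i["amsdu_present"]]

def sample(fc, qc, addr4=False):
    """Build a constructed MAC header (not captured traffic)."""
    hdr = struct.pack("<HH", fc, 0) + RA + TA + BSSID + struct.pack("<H", 0)
    return hdr + (bytes(6) if addr4 else b"") + struct.pack("<H", qc) + bytes(8)

SAMPLES = [
    sample(0x4188, 0x0000),               # QoS Data, flag clear
    sample(0x4188, 0x0080),               # QoS Data, A-MSDU Present set
    sample(0x4108, 0x0080),               # non-QoS Data: no QoS Control field
    sample(0x01C8, 0x0080),               # QoS Null: bit 7 is reserved
    sample(0x4388, 0x0085, addr4=True),   # four-address frame, TID 5, flag set
]

if __name__ == "__main__":
    for hit in unexpected_amsdu(SAMPLES):
        print(hit)
```

The "protected" field is reported alongside the flag because the QoS header stays in plaintext even when the frame body is encrypted.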

Evidence notes

Timing context comes from the supplied advisory record: CISA’s ICSA-26-111-07 was published on 2026-04-14 and republished on 2026-04-21, with the source advisory attributed to Siemens ProductCERT SSA-019200. The supplied CVSS vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, matching a low-severity integrity-focused issue that requires nearby wireless access. The remediation text in the source explicitly recommends updating to V6.6.0 or later, disabling A-MSDU if possible, and reducing transmission power or using physical access controls.

Official resources

Publicly disclosed in CISA’s ICSA-26-111-07 on 2026-04-14, with a CISA republication update on 2026-04-21.