PatchSiren cyber security CVE debrief
CVE-2020-26143 Siemens CVE debrief
CVE-2020-26143 is described in the supplied CISA/Siemens advisory corpus as a wireless integrity issue affecting multiple Siemens SCALANCE devices. The advisory says the WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi‑Fi network, which can let an adversary inject arbitrary data frames independent of the network configuration. The corpus also states that exploitation is limited to Wi‑Fi range and that Siemens provides a fix in V6.6.0 or later.
- Vendor: Siemens
- Product: SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0)
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-14
- Original CVE updated: 2026-04-21
- Advisory published: 2026-04-14
- Advisory updated: 2026-04-21
Who should care
OT/ICS operators, engineers, and security teams responsible for the listed Siemens SCALANCE wireless devices, especially where wireless coverage reaches beyond tightly controlled areas.
Technical summary
The advisory describes an integrity flaw in wireless protocol handling: fragmented plaintext frames are accepted inside protected Wi‑Fi networks, allowing frame injection without dependence on the specific network configuration. The supplied corpus associates the issue with Siemens SCALANCE wireless products and recommends updating to V6.6.0 or later. The mitigation text also notes the attack requires Wi‑Fi range, making wireless exposure and physical placement relevant risk factors.
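The condition the advisory describes, fragmented plaintext frames on a protected network, can be watched for in a monitor-mode capture. The following is an added example, not code from Siemens, CISA or this page; it assumes raw 802.11 MAC headers without a radiotap prefix, and the function names, BSSIDs and sample frames are constructed for illustration.

```python
import struct

MORE_FRAG, PROTECTED, TYPE_DATA = 0x04, 0x40, 2  # Frame Control flag bits, data type

def parse_header(frame: bytes):
    """Return the fields the check needs, or None for non-data or short frames."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != TYPE_DATA:
        return None
    flags = frame[1]
    to_ds, from_ds = flags & 0x01, flags & 0x02
    if to_ds and from_ds:
        return None                  # 4-address frames are out of scope here
    # The BSSID sits in Address 1, 2 or 3 depending on the ToDS/FromDS bits.
    offset = 4 if to_ds else 10 if from_ds else 16
    (seq_ctrl,) = struct.unpack_from("<H", frame, 22)
    return {
        "bssid": frame[offset:offset + 6].hex(":"),
        "protected": bool(flags & PROTECTED),
        "more_frag": bool(flags & MORE_FRAG),
        "frag_no": seq_ctrl & 0x0F,  # low 4 bits of Sequence Control
        "seq_no": seq_ctrl >> 4,
    }

def plaintext_fragments(frames, protected_bssids):
    """List (index, bssid, seq_no, frag_no) for unencrypted fragments on protected BSSIDs."""
    hits = []
    for i, raw in enumerate(frames):
        h = parse_header(raw)
        if h is None or h["bssid"] not in protected_bssids:
            continue
        if (h["more_frag"] or h["frag_no"] > 0) and not h["protected"]:
            hits.append((i, h["bssid"], h["seq_no"], h["frag_no"]))
    return hits

def _frame(flags, bssid, seq_no, frag_no):
    """Constructed sample: data frame from a station (ToDS set, Address 1 = BSSID)."""
    addrs = bssid + bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    return bytes([0x08, flags | 0x01, 0, 0]) + addrs + struct.pack("<H", (seq_no << 4) | frag_no)

AP = bytes.fromhex("02aabbccddee")      # constructed BSSID of a protected network
OTHER = bytes.fromhex("02aabbccddff")   # constructed BSSID that is not monitored
SAMPLE = [
    _frame(PROTECTED, AP, 10, 0),              # encrypted, unfragmented
    _frame(PROTECTED | MORE_FRAG, AP, 11, 0),  # encrypted first fragment
    _frame(MORE_FRAG, AP, 12, 0),              # plaintext first fragment
    _frame(0, AP, 12, 1),                      # plaintext last fragment
    _frame(0, AP, 13, 0),                      # plaintext, unfragmented
    _frame(MORE_FRAG, OTHER, 5, 0),            # different BSSID
]
```

Calling `plaintext_fragments(SAMPLE, {"02:aa:bb:cc:dd:ee"})` reports only the two plaintext fragments of sequence number 12; unfragmented plaintext data frames, such as handshake traffic, are deliberately not flagged.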
Defensive priority
Medium. Prioritize remediation in the next planned maintenance cycle, and accelerate if the devices are reachable from uncontrolled wireless areas or support critical traffic.
Recommended defensive actions
- Update affected Siemens SCALANCE devices to V6.6.0 or later, per the advisory.
- Reduce Wi‑Fi transmission power where feasible to limit attack reach.
- Place devices in private areas with physical access controls when possible.
- Review wireless exposure for the listed SCALANCE models and limit coverage beyond necessary areas.
- Use the provided Siemens and CISA advisory references to confirm model coverage and maintenance planning.
Evidence notes
The source corpus is a CISA CSAF advisory (ICSA-26-111-07) republishing Siemens ProductCERT SSA-019200 content. It lists many affected SCALANCE W721/W722/W734/W738/W748/W761/W774/W778/W786/W788 variants and states the fix is V6.6.0 or later. The remediation text explicitly says the vulnerabilities can only be exploited within Wi‑Fi range and recommends reducing transmission power or using private areas with physical access controls. The corpus also contains inconsistent ALFA Windows driver wording in the CVE description; product scope and remediation were taken from the Siemens CSAF advisory fields and references.
Official resources
- CVE-2020-26143 CVE record (CVE.org)
- CVE-2020-26143 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the supplied CISA CSAF source on 2026-04-14 and republished with Siemens ProductCERT advisory content on 2026-04-21. The corpus includes conflicting product wording in the CVE description, so the Siemens SCALANCE CSAF/