PatchSiren cyber security CVE debrief
CVE-2020-26147 Siemens CVE debrief
CVE-2020-26147 is a wireless fragment-reassembly flaw tracked by CISA and Siemens for multiple SCALANCE wireless products. In affected deployments, an attacker within Wi-Fi range may be able to inject packets or exfiltrate selected fragments when fragmented frames are used with WEP, CCMP, or GCMP confidentiality.
- Vendor
- Siemens
- Product
- SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0)
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-14
- Original CVE updated
- 2026-04-21
- Advisory published
- 2026-04-14
- Advisory updated
- 2026-04-21
Who should care
Operators of the listed Siemens SCALANCE wireless devices, OT/ICS security teams, and network administrators responsible for Wi-Fi-enabled industrial networks.
Technical summary
The supplied advisory describes a Linux kernel 5.8.9 issue where WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even when some fragments were transmitted in plaintext. Siemens’ CSAF advisory maps the issue to numerous SCALANCE wireless models and states that the vulnerability can be abused to inject packets and/or exfiltrate selected fragments when fragmented frames are exchanged over WEP, CCMP, or GCMP-protected Wi-Fi. The published CVSS vector is AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N.
Defensive priority
Medium. Prioritize if any listed SCALANCE wireless devices are deployed where Wi-Fi exposure is realistic or where fragmented wireless traffic is permitted.
Recommended defensive actions
- Upgrade affected devices to V6.6.0 or later, as specified in the Siemens advisory.
- Reduce Wi-Fi transmission power where feasible to limit attack reach.
- Place affected devices in private areas with physical access controls when possible.
- Inventory the listed SCALANCE models and verify which units are running affected versions.
- Review wireless configurations for exposure to fragmented frames and tighten operational controls around Wi-Fi-connected OT assets.
Evidence notes
All claims are taken from the supplied CISA CSAF source item and its referenced Siemens/CISA advisories. The source states the issue affects multiple Siemens SCALANCE wireless models, recommends updating to V6.6.0 or later, and adds a mitigation that the vulnerability can only be exploited within Wi-Fi range, so transmission power reduction or physical access controls may help. The source also provides the CVSS 3.1 vector AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N and the description that packet injection and selected-fragment exfiltration are possible when fragmented frames are used with WEP, CCMP, or GCMP.
Official resources
-
CVE-2020-26147 CVE record
CVE.org
-
CVE-2020-26147 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA advisory ICSA-26-111-07, with the supplied timeline showing initial publication on 2026-04-14 and CISA republication on 2026-04-21.