PatchSiren cyber security CVE debrief

CVE-2022-31765 Siemens CVE debrief

CVE-2022-31765 is a high-severity privilege-escalation issue in Siemens SCALANCE wireless devices. CISA published the advisory on 2026-04-14 and republished it on 2026-04-21 from Siemens ProductCERT SSA-019200. The supplied advisory text says the web interface’s change-password function is not properly authorized, and the supplied enrichment does not mark this CVE as a CISA KEV item.

Vendor: Siemens
Product: SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0)
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-14
Original CVE updated: 2026-04-21
Advisory published: 2026-04-14
Advisory updated: 2026-04-21

Who should care

OT/ICS operators, network administrators, and Siemens SCALANCE owners managing the listed W7xx wireless devices, especially anyone exposing the web management interface.

Technical summary

The advisory states that affected devices do not properly authorize the web interface’s change-password function, so a low-privileged user who can already log in to the device could use it to escalate privileges. The supplied advisory assigns CVSS 3.1 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): reachable over the network, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity and availability. Affected versions are those earlier than 6.6.0; Siemens’ remediation is to update to V6.6.0 or later.

Defensive priority

High: prioritize patching affected devices, especially if the management interface is reachable from any network segment accessible to low-privileged users.

Recommended defensive actions

  • Update affected Siemens SCALANCE devices to V6.6.0 or later, per the vendor remediation in the supplied advisory.
  • Inventory SCALANCE W7xx devices and verify exact model/version against the affected product list before scheduling maintenance.
  • Restrict access to the device web interface to trusted administrative networks only.
  • Review accounts and privilege assignments on affected devices to ensure low-privileged users cannot reach administrative password-change functions.
  • Monitor for unauthorized configuration or credential changes on exposed devices until remediation is complete.

Evidence notes

Primary evidence is the CISA CSAF advisory ICSA-26-111-07, which republishes Siemens ProductCERT SSA-019200. The source text explicitly states: 'Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.' The same source provides the CVSS vector (8.8, AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and the remediation to update to V6.6.0 or later.

Official resources

CISA published ICSA-26-111-07 on 2026-04-14 and republished it on 2026-04-21 from Siemens ProductCERT SSA-019200; the supplied enrichment does not list this CVE in CISA KEV.