PatchSiren cyber security CVE debrief
CVE-2022-36324 Siemens CVE debrief
CVE-2022-36324 affects multiple Siemens SCALANCE wireless devices and is rated HIGH (CVSS 7.5). According to the advisory, affected devices do not properly handle SSL/TLS parameter renegotiation, which can let an unauthenticated remote attacker bypass TCP brute-force prevention and sustain a denial-of-service condition for as long as the attack continues. Siemens lists firmware V6.6.0 or later as the fix for the affected product set.
- Vendor
- Siemens
- Product
- SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0)
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-14
- Original CVE updated
- 2026-04-21
- Advisory published
- 2026-04-14
- Advisory updated
- 2026-04-21
Who should care
OT/ICS defenders, Siemens SCALANCE administrators, network security teams, and incident responders responsible for industrial wireless infrastructure should prioritize this issue, especially where the listed W721/W722/W734/W738/W748/W761/W774/W778/W786/W788 models are deployed.
Technical summary
The issue is a network-exploitable availability weakness: CVSS v3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The advisory states that SSL/TLS renegotiation is not handled properly, allowing an unauthenticated remote attacker to bypass TCP brute-force prevention. The practical outcome described by the source is a denial-of-service condition during the attack window, with no confidentiality or integrity impact indicated in the vector.
Defensive priority
High for exposed OT networks and any environment where the affected SCALANCE devices are reachable from untrusted networks. Remediation is straightforward if firmware updates are operationally feasible, but change-control and downtime constraints in OT may delay replacement of vulnerable firmware.
Recommended defensive actions
- Upgrade affected devices to Siemens firmware V6.6.0 or later, as directed in the advisory.
- Identify all deployed SCALANCE models listed in the advisory and confirm current firmware versions before scheduling maintenance.
- Restrict network exposure to management and TLS-enabled services; do not leave device interfaces unnecessarily reachable from untrusted networks.
- Monitor for repeated connection attempts, authentication brute-force patterns, or service instability affecting the impacted devices.
- Use OT segmentation and defense-in-depth controls to reduce attacker reach if immediate patching is not possible.
Evidence notes
All substantive claims are taken from the supplied CISA CSAF advisory and the referenced Siemens ProductCERT materials. The source explicitly states the TLS renegotiation handling issue, unauthenticated remote bypass of TCP brute-force prevention, resulting denial of service, affected SCALANCE models, and the vendor remediation to update to V6.6.0 or later. The CVSS vector is also provided in the source as CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C.
Official resources
-
CVE-2022-36324 CVE record
CVE.org
-
CVE-2022-36324 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory on 2026-04-14 and republished it on 2026-04-21 with Siemens ProductCERT SSA-019200 content; use 2026-04-14 as the CVE advisory publication date.