PatchSiren cyber security CVE debrief
CVE-2023-35980 Siemens CVE debrief
CVE-2023-35980 is a critical buffer overflow vulnerability affecting Siemens SCALANCE W1750D wireless access points. The vulnerability resides in multiple underlying services and can be exploited by sending specially crafted packets to the PAPI (Aruba's access point management protocol) UDP port 8211. Successful exploitation allows unauthenticated remote attackers to execute arbitrary code with privileged user permissions on the underlying operating system. The vulnerability carries a CVSS 3.1 score of 9.8 (Critical), reflecting its network attack vector, low attack complexity, and no required privileges or user interaction. Siemens has released firmware version 8.10.0.9 or later to address this issue, available upon request from customer support. CISA and Siemens recommend implementing network segmentation and enabling cluster-security as interim mitigations.
- Vendor
- Siemens
- Product
- SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0)
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2024-04-09
- Advisory published
- 2024-04-09
- Advisory updated
- 2024-04-09
Who should care
Organizations operating Siemens SCALANCE W1750D wireless access points in industrial environments, including manufacturing facilities, critical infrastructure operators, and enterprises with OT/ICS networks. Security teams responsible for industrial wireless infrastructure, network administrators managing segmented industrial networks, and compliance officers tracking ICS vulnerability remediation should prioritize this issue due to its critical severity and unauthenticated exploitation path.
Technical summary
The vulnerability exists in the PAPI (Aruba's access point management protocol) service running on UDP port 8211. Multiple underlying services contain buffer overflow conditions that can be triggered by crafted network packets. The attack requires no authentication and results in privileged code execution on the device operating system. The SCALANCE W1750D is an industrial wireless access point based on Aruba technology, explaining the presence of the PAPI protocol. Three product variants are affected: JP (6GK5750-2HX01-1AD0), ROW (6GK5750-2HX01-1AA0), and USA (6GK5750-2HX01-1AB0). Siemens provides firmware updates through customer support channels rather than public download. Interim mitigations include network-layer access restrictions and enabling the cluster-security feature.
Defensive priority
critical
Recommended defensive actions
- Apply vendor fix: Update affected SCALANCE W1750D devices to firmware version 8.10.0.9 or later by contacting Siemens customer support
- Implement network segmentation: Restrict CLI and web-based management interfaces to dedicated Layer 2 segments/VLANs with firewall policies at Layer 3 and above
- Enable cluster-security: Activate the cluster-security command to prevent exploitation of these vulnerabilities
- Monitor network traffic: Implement detection for anomalous UDP traffic targeting port 8211 on affected devices
- Review access controls: Ensure management interfaces are not exposed to untrusted networks
- Inventory affected assets: Identify all deployed SCALANCE W1750D units across JP, ROW, and USA variants for prioritized patching
Evidence notes
Vulnerability description and remediation details sourced from CISA CSAF advisory ICSA-24-102-05. Siemens SSA-885980 provides vendor-specific guidance. Affected products confirmed as SCALANCE W1750D variants for JP, ROW, and USA markets.
Official resources
-
CVE-2023-35980 CVE record
CVE.org
-
CVE-2023-35980 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09