PatchSiren cyber security CVE debrief
CVE-2023-35981 Siemens CVE debrief
CVE-2023-35981 is a critical buffer overflow vulnerability affecting Siemens SCALANCE W1750D industrial wireless access points. The vulnerability resides in multiple underlying services and can be exploited by sending specially crafted packets to the PAPI (Aruba's access point management protocol) UDP port 8211. Successful exploitation enables unauthenticated remote code execution with privileged user permissions on the underlying operating system. The vulnerability carries a CVSS 3.1 score of 9.8 (Critical), reflecting its network attack vector, low attack complexity, and no required privileges or user interaction. The affected products include three regional variants of the SCALANCE W1750D: the Japan (JP), Rest of World (ROW), and USA models. Siemens has released firmware version 8.10.0.9 or later to address this vulnerability, available upon request from customer support. CISA and Siemens also recommend network segmentation workarounds and enabling cluster-security features as interim mitigations.
- Vendor
- Siemens
- Product
- SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0)
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2024-04-09
- Advisory published
- 2024-04-09
- Advisory updated
- 2024-04-09
Who should care
Organizations operating Siemens SCALANCE W1750D wireless access points in industrial environments, including manufacturing facilities, critical infrastructure operators, and enterprises with OT/ICS networks. Security teams responsible for industrial wireless infrastructure, network administrators managing segmented OT networks, and incident response teams monitoring for ICS-targeting threats should prioritize assessment and remediation.
Technical summary
The vulnerability exists in the PAPI (Aruba access point management protocol) implementation on Siemens SCALANCE W1750D devices. Multiple underlying services contain buffer overflow conditions that can be triggered by crafted UDP packets sent to port 8211. The attack requires no authentication and results in arbitrary code execution with elevated privileges. The PAPI protocol is used for access point management and cluster communication. Network-based attackers can exploit this vulnerability without prior access to the device or network credentials.
Defensive priority
critical
Recommended defensive actions
- Apply vendor fix: Update affected SCALANCE W1750D devices to firmware version 8.10.0.9 or later by contacting Siemens customer support
- Implement network segmentation: Restrict CLI and web-based management interfaces to dedicated Layer 2 segments/VLANs with firewall policies at Layer 3 and above
- Enable cluster-security: Activate the cluster-security command on affected devices to prevent exploitation of these vulnerabilities
- Monitor network traffic: Implement detection for anomalous UDP traffic targeting port 8211 (PAPI protocol) on affected device segments
- Review access controls: Ensure management interfaces are not exposed to untrusted networks or the internet
Evidence notes
Vulnerability description and remediation details sourced from CISA CSAF advisory ICSA-24-102-05. CVSS vector confirmed as CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Affected product list and vendor fix version 8.10.0.9 confirmed through CSAF product tree and remediation sections.
Official resources
-
CVE-2023-35981 CVE record
CVE.org
-
CVE-2023-35981 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09