PatchSiren cyber security CVE debrief
CVE-2023-35982 Siemens CVE debrief
CVE-2023-35982 is a critical buffer overflow vulnerability affecting Siemens SCALANCE W1750D wireless access points. The vulnerability resides in multiple underlying services and can be exploited by sending specially crafted packets to the PAPI (Aruba's access point management protocol) UDP port 8211. Successful exploitation allows unauthenticated remote attackers to execute arbitrary code with privileged user permissions on the underlying operating system. The vulnerability was published on April 9, 2024, with a CVSS 3.1 score of 9.8 (Critical). Siemens has released firmware version 8.10.0.9 or later to address this issue, available upon request from customer support.
- Vendor
- Siemens
- Product
- SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0)
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2024-04-09
- Advisory published
- 2024-04-09
- Advisory updated
- 2024-04-09
Who should care
Organizations operating Siemens SCALANCE W1750D wireless access points in industrial environments, including manufacturing facilities, critical infrastructure, and operational technology networks. Security teams responsible for ICS/OT network segmentation and wireless infrastructure protection should prioritize assessment and remediation.
Technical summary
The vulnerability exists in the PAPI (Aruba's access point management protocol) implementation within Siemens SCALANCE W1750D firmware. Multiple underlying services contain buffer overflow conditions that can be triggered by crafted UDP packets sent to port 8211. The attack requires no authentication and results in privileged code execution on the device operating system. This represents a critical exposure for industrial wireless infrastructure deployments.
Defensive priority
critical
Recommended defensive actions
- Apply vendor fix: Update affected SCALANCE W1750D devices to firmware version 8.10.0.9 or later by contacting Siemens customer support
- Implement network segmentation: Restrict CLI and web-based management interfaces to dedicated Layer 2 segments/VLANs with firewall policies at Layer 3 and above
- Enable cluster-security: Activate the cluster-security command to prevent exploitation of these vulnerabilities
- Monitor UDP port 8211: Implement network monitoring for anomalous traffic targeting the PAPI management protocol port
- Review access controls: Ensure management interfaces are not exposed to untrusted networks
- Inventory affected devices: Identify all deployed SCALANCE W1750D variants including JP (6GK5750-2HX01-1AD0), ROW (6GK5750-2HX01-1AA0), and USA (6GK5750-2HX01-1AB0) models
Evidence notes
CVE description and remediation details sourced from CISA CSAF advisory ICSA-24-102-05. Siemens product identification confirmed through CSAF product tree with three affected variants: SCALANCE W1750D (JP), (ROW), and (USA). CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H confirms network-based attack with low complexity, no privileges required, and high impact across confidentiality, integrity, and availability.
Official resources
-
CVE-2023-35982 CVE record
CVE.org
-
CVE-2023-35982 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09