PatchSiren cyber security CVE debrief

CVE-2023-44318 Siemens CVE debrief

CVE-2023-44318 is a medium-severity vulnerability affecting Siemens SCALANCE W700 series industrial wireless access points. The vulnerability stems from the use of a hardcoded cryptographic key to obfuscate configuration backup files that administrators can export from affected devices. Because the same key is embedded in all devices, an attacker who obtains a configuration backup—whether through administrative access or by acquiring the file through other means—can reverse the obfuscation and extract sensitive configuration information. This exposes network settings, credentials, and other operational parameters that could facilitate further attacks against industrial control system environments. The vulnerability was published on June 11, 2024, and last modified on January 14, 2025, when CISA updated the advisory to add fixes for related CVEs and include CVSSv4 vectors. Siemens has indicated that no fix is currently planned for this vulnerability, making compensating controls essential for risk management.

Vendor: Siemens
Product: SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
CVSS: MEDIUM 4.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-03-12
Original CVE updated: 2025-08-12
Advisory published: 2024-03-12
Advisory updated: 2025-08-12

Who should care

Organizations operating Siemens SCALANCE W700 series wireless access points in industrial control system or operational technology environments, particularly those in critical infrastructure sectors where configuration confidentiality is essential for network security. Security teams responsible for OT asset management, network administrators managing industrial wireless deployments, and compliance officers evaluating ICS security posture should prioritize assessment of this vulnerability given the absence of planned vendor patches.

Technical summary

Affected Siemens SCALANCE W700 series wireless access points use a hardcoded cryptographic key to obfuscate exported configuration backup files. The vulnerability allows authenticated attackers with administrative privileges, or any attacker who obtains a configuration backup file, to extract configuration information by reversing the obfuscation. The CVSS 3.1 score is 4.9 (Medium), with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, indicating network attack vector, low complexity, high privileges required, and high confidentiality impact. Nineteen product variants are affected across WAB762-1, WAM763-1, WAM766-1, WUB762-1, WUM763-1, and WUM766-1 families. Siemens has stated that no fix is currently planned, requiring organizations to implement compensating controls.

Defensive priority

medium

Recommended defensive actions

Restrict administrative access to SCALANCE W700 devices to authorized personnel only, following least-privilege principles
Implement network segmentation to isolate affected wireless access points from critical operational technology networks
Encrypt configuration backups at rest using organization-controlled encryption before storing or transmitting
Monitor for unauthorized access attempts to device administrative interfaces and backup files
Apply vendor-recommended compensating controls from Siemens security advisory SSA-690517
Review and rotate any credentials stored in device configurations that may have been exposed in backups
Consider replacement planning for affected devices in high-security environments given no fix is planned

Evidence notes

The vulnerability description and affected product list are derived from CISA CSAF advisory ICSA-24-165-12, which references Siemens security advisory SSA-690517. The remediation status of 'no fix planned' is explicitly stated in the CSAF remediations section for all 19 affected product variants.

Official resources

2024-06-11