PatchSiren cyber security CVE debrief
CVE-2025-24499 Siemens CVE debrief
CVE-2025-24499 is a high-severity Siemens advisory affecting multiple SCALANCE W700 IEEE 802.11ax device variants. The issue is an input-validation flaw in configuration file loading that could let an authenticated remote attacker execute arbitrary shell commands on the device. Siemens and CISA both published the issue on 2025-02-11, and the later 2025-05-06 revision was limited to typo fixes. Siemens states that the fixed version is V3.0.0 or later.
- Vendor
- Siemens
- Product
- SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-11
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-02-11
- Advisory updated
- 2025-05-06
Who should care
OT/ICS operators, industrial network administrators, and security teams responsible for Siemens SCALANCE WAB/WAM/WUB/WUM deployments should prioritize this advisory, especially where authenticated remote administration is used in production environments.
Technical summary
The advisory describes improper validation of input while loading configuration files on affected Siemens SCALANCE W700 devices. Because the flaw is reachable by an authenticated remote attacker, successful abuse could lead to arbitrary shell command execution on the device. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, with a score of 7.2 (HIGH). The affected product set includes 19 Siemens model variants listed in the CISA CSAF advisory.
Defensive priority
High priority. Apply firmware updates promptly on any exposed or operationally important SCALANCE W700 device, with special attention to systems that allow remote authenticated management.
Recommended defensive actions
- Update affected Siemens SCALANCE devices to V3.0.0 or later, as directed in the Siemens advisory.
- Inventory all affected SCALANCE WAB/WAM/WUB/WUM model variants and confirm the installed firmware version before maintenance windows.
- Restrict authenticated administrative access to trusted users and networks, and review any remote management exposure.
- Apply CISA industrial control system defense-in-depth and recommended practices to limit blast radius in OT environments.
- Monitor for unexpected configuration-loading activity or abnormal device shell behavior and investigate deviations quickly.
Evidence notes
The primary evidence is the CISA CSAF advisory ICSA-25-044-09 and the Siemens security advisory SSA-769027. Both state that affected devices do not properly validate input while loading configuration files and that an authenticated remote attacker could execute arbitrary shell commands. The advisory’s remediation is to update to V3.0.0 or later. The CISA revision history shows a 2025-05-06 update marked as typo fixes only, not a substantive technical change.
Official resources
-
CVE-2025-24499 CVE record
CVE.org
-
CVE-2025-24499 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2025-02-11 by Siemens and CISA. The advisory was revised on 2025-05-06 for typo fixes only.