PatchSiren cyber security CVE debrief
CVE-2025-24532 Siemens CVE debrief
CVE-2025-24532 is a Siemens SCALANCE issue in SNMPv3 View configuration authorization. According to the advisory, an authenticated account holding the `user` role can, because of incorrect authorization, change the View Type of SNMPv3 Views on the affected devices. Siemens lists a fix in V3.0.0 or later for the affected SCALANCE WAB/WAM/WUB/WUM models. The published CVSS score is 4.3 (Medium), reflecting a network-reachable, low-impact integrity issue that requires low privileges and no user interaction.
- Vendor: Siemens
- Product: SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-02-11
- Advisory updated: 2025-05-06
Who should care
OT and industrial network operators using Siemens SCALANCE WAB762-1, WAM763-1, WAM766-1, WUB762-1, or WUM763-1/WUM766-1 devices should review whether SNMPv3 is enabled on those devices, which accounts hold the `user` role, and whether any affected device still runs a version earlier than V3.0.0. Engineers responsible for device hardening, access control, and configuration management should prioritize this issue.
Technical summary
The advisory identifies an authorization control weakness in the SNMPv3 View configuration of the affected devices. An authenticated account holding the `user` role, which is not intended to administer SNMP access control, can alter the View Type of SNMPv3 Views (in VACM terms, whether a view subtree is included or excluded). This is an integrity issue in configuration management rather than a confidentiality or availability issue: a changed view can expose or hide MIB subtrees for every SNMPv3 principal that is mapped to that view. The associated CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The source also reports the temporal metric `E:P`, which in CVSS 3.1 denotes Proof-of-Concept exploit code maturity (exploit code exists but is not known to be functional against a broad range of targets); it is not a statement about whether exploitation in the wild is expected.
Defensive priority
Medium. The issue requires an authenticated low-privilege account and affects configuration integrity on industrial networking equipment, so it should be addressed during normal maintenance planning, or sooner where SNMPv3 Views are used to enforce what monitoring or management principals may see and set.
Recommended defensive actions
- Update affected Siemens SCALANCE devices to V3.0.0 or later, as specified in the Siemens remediation.
- Inventory the listed affected product models and confirm which deployments have SNMPv3 enabled and rely on SNMPv3 View configuration.
- Review SNMPv3 role assignments and remove or downgrade `user`-level accounts that are not needed; until the update is applied, treat every `user`-role account as able to modify View Types.
- Compare the current SNMPv3 View configuration (view names, subtrees, and View Types) against a trusted baseline, investigate unexpected changes, and restore the trusted configuration if needed.
- Apply industrial-control-system access-control best practices, including limiting management-plane access (SNMP, HTTPS, SSH) to trusted administrators and networks.
- Consult the Siemens security advisory and CISA ICS advisory for product-specific remediation guidance.
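The baseline-comparison step above can be automated. The script below is an added example written for this debrief; it is not code from Siemens, CISA, or the advisories. It parses the output of a net-snmp walk of `vacmViewTreeFamilyType` from SNMP-VIEW-BASED-ACM-MIB (the standard VACM table that holds the included/excluded View Type of each SNMPv3 view subtree) and reports every subtree whose type changed, appeared, or disappeared relative to a stored baseline. The walk output embedded here is constructed by hand in net-snmp's symbolic format; the view names, subtrees, and the `snmpwalk` invocation in the comment are illustrative assumptions, and the script does not claim that the affected SCALANCE firmware renders its VACM table exactly this way.

```python
"""Detect SNMPv3 View Type drift from a trusted baseline (added example).

Input lines are net-snmp style output such as:
  snmpwalk -v3 -l authPriv -u <admin-user> ... <device> vacmViewTreeFamilyType
Both walks below are constructed sample data, not captures from a real device.
"""
import re
from typing import Dict, List, Tuple

# Constructed "known good" walk taken when the configuration was last reviewed.
BASELINE_WALK = """\
SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyType."internet".1.3.6.1 = INTEGER: included(1)
SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyType."restricted".1.3.6.1.2.1.1 = INTEGER: included(1)
SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyType."restricted".1.3.6.1.2.1.1.6 = INTEGER: excluded(2)
"""

# Constructed "current" walk: sysLocation is no longer excluded from the
# restricted view, and a new subtree (enterprises) has been added to it.
CURRENT_WALK = """\
SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyType."internet".1.3.6.1 = INTEGER: included(1)
SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyType."restricted".1.3.6.1.2.1.1 = INTEGER: included(1)
SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyType."restricted".1.3.6.1.2.1.1.6 = INTEGER: included(1)
SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyType."restricted".1.3.6.1.4.1 = INTEGER: included(1)
"""

# Table index is (vacmViewTreeFamilyViewName, vacmViewTreeFamilySubtree).
# Accept both the symbolic value "included(1)" and a bare numeric "1".
LINE_RE = re.compile(
    r'vacmViewTreeFamilyType\."(?P<view>[^"]*)"\.(?P<subtree>[\d.]+)\s*=\s*INTEGER:\s*'
    r'(?:(?P<name>included|excluded)\((?P<num>[12])\)|(?P<bare>[12]))\s*$'
)

ViewKey = Tuple[str, str]  # (view name, subtree OID)


def parse_view_types(walk_output: str) -> Dict[ViewKey, str]:
    """Map each (view, subtree) row to 'included' or 'excluded'.

    Lines that do not match the expected column are skipped so that a walk
    containing other vacm columns can be fed in unchanged.
    """
    result: Dict[ViewKey, str] = {}
    for line in walk_output.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        code = m.group("num") or m.group("bare")
        result[(m.group("view"), m.group("subtree"))] = (
            "included" if code == "1" else "excluded"
        )
    return result


def diff_view_types(baseline: Dict[ViewKey, str],
                    current: Dict[ViewKey, str]) -> List[str]:
    """Return one finding per row that differs between baseline and current."""
    findings: List[str] = []
    for key in sorted(set(baseline) | set(current)):
        view, subtree = key
        before, after = baseline.get(key), current.get(key)
        if before == after:
            continue
        if before is None:
            findings.append(f"ADDED   view={view} subtree={subtree} type={after}")
        elif after is None:
            findings.append(f"REMOVED view={view} subtree={subtree} was={before}")
        else:
            findings.append(f"CHANGED view={view} subtree={subtree} {before} -> {after}")
    return findings


def check_drift(baseline_walk: str, current_walk: str) -> List[str]:
    """Convenience wrapper: parse both walks and diff them."""
    return diff_view_types(parse_view_types(baseline_walk),
                           parse_view_types(current_walk))


if __name__ == "__main__":
    for finding in check_drift(BASELINE_WALK, CURRENT_WALK):
        print(finding)
```

Run the walk with an administrative SNMPv3 principal that is allowed to read the VACM tables, store its output alongside the device's configuration backup, and re-run this comparison on a schedule; any `CHANGED` or `ADDED` row in a view that a `user`-role account can reach is worth an immediate look until the device is on V3.0.0 or later.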
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-25-044-09 and the linked Siemens ProductCERT advisory SSA-769027. The source states: "Affected devices with role `user` is affected by incorrect authorization in SNMPv3 View configuration. This could allow an attacker to change the View Type of SNMPv3 Views." The remediation line in the source specifies: "Update to V3.0.0 or later version." The advisory was published on 2025-02-11 and later revised on 2025-05-06 for typo fixes only.
Official resources
- CVE-2025-24532 CVE record (CVE.org)
- CVE-2025-24532 NVD detail (NVD)
- Source item URL (cisa_csaf)
CVE-2025-24532 was published on 2025-02-11 and revised on 2025-05-06. The revision history in the source indicates the later update was for typo fixes.