55 matches found
Siemens SCALANCE
SUMMARY SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Read (CVE-2023-39193)
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. This plugin only works with Tenable.ot...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Write (CVE-2024-9143)
Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out-of-bounds memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the...
Siemens SCALANCE W700 Integer Overflow or Wraparound (CVE-2022-39842)
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to...
Siemens SCALANCE W700 Improper Input Validation (CVE-2025-24499)
Affected devices do not properly validate input while loading the configuration files. This could allow an authenticated remote attacker to execute arbitrary shell commands on the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens SIMATIC and SCALANCE Devices Improper Resource Shutdown or Release (CVE-2022-3524)
A vulnerability was found in the Linux kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to a memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Write (CVE-2022-43750)
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SCALANCE Devices Out-of-bounds Write (CVE-2023-6129)
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
Siemens SCALANCE W700 Use After Free (CVE-2023-1670)
A use-after-free flaw was found in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. This plugin only works with Tenable.ot. Please visit...
Siemens SCALANCE W700 Out-of-bounds Write (CVE-2023-1073)
A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. This plugin only works with Tenable.ot. Please visit...
Siemens SCALANCE W700 Out-of-bounds Read (CVE-2023-1380)
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. Thi...
Siemens SIMATIC and SCALANCE Devices Use After Free (CVE-2023-0590)
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") is not applied yet, then the kernel could be affected. This plugin only works wi...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Double Free (CVE-2022-2588)
Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. This...
Siemens SCALANCE W700 Use After Free (CVE-2023-1118)
A use-after-free flaw was found in the Linux kernel integrated infrared receiver/transceiver driver in the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. This plugin only works with Tenable.ot. Please visi...
Siemens SIMATIC and SCALANCE Devices NULL Pointer Dereference (CVE-2022-47929)
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in...
Siemens SCALANCE W700 Missing Release of Memory after Effective Lifetime (CVE-2023-1074)
A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. This plugin only...
Siemens SCALANCE W700 Double Free (CVE-2023-29469)
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...
Siemens SCALANCE W700 Externally Controlled Reference to a Resource in Another Sphere (CVE-2023-0045)
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function speculation_ctrl_update, but the IBPB is only issued on the next schedul...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Write (CVE-2023-35001)
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC and SCALANCE Devices Type Confusion (CVE-2023-23454)
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). This plugin only works wi...