Say Goodbye to Easy Access: Siemens Scalance W1750D’s Buffer Overflow Vulnerabilities Exposed!

Siemens waves goodbye to ICS updates for that pesky Scalance W1750D. Fear not, dear user! For up-to-the-minute heroics against villainous vulnerabilities, dial Siemens’ ProductCERT. Remember, stay patched or risk the hack-tastrophe! 🛡️💻🚨 #SiemensProductVulnerabilities

Hot Take:

It seems Siemens’ Scalance dance has hit a snag with the tune of CVE-2023-3598x leading the conga line. With CISA passing the advisory baton back to Siemens, one can only hope the DJ (aka Siemens) has some serious patching beats to drop, because with a CVSS v3 score of 9.8, we’re one step away from a full-blown cyber-salsa disaster!

Key Points:

  • Siemens Scalance W1750D devices are vulnerable to some buffer overflow moves that could let attackers remotely execute code with the grace of a bull in a china shop.
  • The vulnerabilities have been given the dance numbers CVE-2023-35980, CVE-2023-35981, and CVE-2023-35982, each with a rhythm that could shake the very foundations at a CVSS v3 score of 9.8.
  • Siemens offers a new choreography (update to V8.10.0.9) to keep the hackers off the dance floor.
  • CISA won’t be updating the ICS advisories for these vulnerabilities anymore, so it’s time to follow Siemens’ lead.
  • No reports of public exploitation yet, but with a score like 9.8, it’s like saying the buffet is open but no one’s taken a bite… yet.

Title: Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
CVE ID: CVE-2023-35980
CVE state: PUBLISHED
CVE assigner short name: hpe
CVE date updated: 07/25/2023
CVE description: There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Title: Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
CVE ID: CVE-2023-35981
CVE state: PUBLISHED
CVE assigner short name: hpe
CVE date updated: 07/25/2023
CVE description: There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Title: Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
CVE ID: CVE-2023-35982
CVE state: PUBLISHED
CVE assigner short name: hpe
CVE date updated: 07/25/2023
CVE description: There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Need to know more?

Let's Break It Down Now:

Siemens' Scalance W1750D has been identified as the wallflower at risk of being asked to dance by unwanted suitors due to buffer overflow vulnerabilities. The vulnerabilities are serious enough to allow attackers to cut in uninvited, potentially leading to an information disclosure slow dance or a more aggressive unauthenticated remote code execution tango.

Who's at the Party:

Affected products include various versions of the Scalance W1750D, deployed worldwide and critical to the manufacturing sector's rhythm. If one of these is gyrating in your network, it's time to consider some new moves.

The Choreographers:

Siemens, not wanting to be a wallflower at its own party, steps in with some mitigations. They're recommending an update two-step and suggesting the DJ booth (the CLI and web management interfaces) be roped off with a dedicated VLAN bouncer or some serious firewall policies. They also propose a cluster-security groove to make it harder for hackers to join the dance.
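To check whether the roped-off DJ booth is actually roped off, here is an added example (not code from Siemens, CISA or the original page) that ranks access points for attention: it flags firmware older than the V8.10.0.9 update and UDP flows to the PAPI port (8211) that come from outside the management VLAN. The management subnet, the inventory, the flow-log format and the helper names are all assumptions made for this sketch.

```python
import ipaddress

PAPI_PORT = 8211                # PAPI UDP port named in the CVE descriptions
FIXED_VERSION = (8, 10, 0, 9)   # V8.10.0.9, the update named on this page
MGMT_NET = ipaddress.ip_network("10.20.30.0/24")  # assumed management VLAN

# Constructed sample data: device inventory and flow records in an assumed
# "time proto src sport dst dport" format.
INVENTORY = {
    "10.20.30.11": "V8.10.0.9",
    "10.20.30.12": "V8.7.1.3",
    "10.20.30.13": "8.10.0.10",
}
FLOWS = [
    "2023-08-01T10:00:01Z udp 10.20.30.5 40001 10.20.30.12 8211",
    "2023-08-01T10:00:07Z udp 192.168.50.77 51515 10.20.30.12 8211",
    "2023-08-01T10:01:12Z tcp 192.168.50.77 51600 10.20.30.11 8211",
    "2023-08-01T10:02:30Z udp 203.0.113.9 4444 10.20.30.11 8211",
    "malformed line",
]

def parse_version(text):
    """'V8.10.0.9' -> (8, 10, 0, 9), so 8.10 compares above 8.7."""
    return tuple(int(part) for part in text.lstrip("Vv").split("."))

def needs_update(text):
    """Assumption: anything older than V8.10.0.9 still needs the update."""
    return parse_version(text) < FIXED_VERSION

def outside_papi_flows(lines, mgmt_net=MGMT_NET):
    """Return (src, dst) for UDP flows to PAPI_PORT sourced outside mgmt_net."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 6:
            continue  # skip records that do not match the assumed format
        _, proto, src, _, dst, dport = fields
        if proto == "udp" and dport == str(PAPI_PORT) \
                and ipaddress.ip_address(src) not in mgmt_net:
            hits.append((src, dst))
    return hits

def triage(inventory, lines):
    """Rows of (ip, needs_update, reached_from_outside), worst first."""
    reached = {dst for _, dst in outside_papi_flows(lines)}
    rows = [(ip, needs_update(v), ip in reached) for ip, v in inventory.items()]
    return sorted(rows, key=lambda r: (not (r[1] and r[2]), not r[1], r[0]))

if __name__ == "__main__":
    for row in triage(INVENTORY, FLOWS):
        print(row)
```

A device that is both unpatched and receiving PAPI traffic from outside the management subnet sorts to the top; any hit from `outside_papi_flows` also means the VLAN or firewall policy is not doing its job.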

Party Planners at CISA:

While CISA is content to let Siemens lead, they still offer some party advice. Keep your ICS devices off the main dance floor (aka the internet), behind a firewall, and only use secure, up-to-date VPNs when you want to boogie remotely. They also provide a playlist of cybersecurity strategies and recommended practices to keep your party going without any party crashers.

No Party Fouls... Yet:

As of now, there haven't been any reports of these vulnerabilities being exploited in the wild. But with such high CVSS scores, it's like having a neon "open bar" sign with no reported drinkers—suspicious, to say the least. Siemens and CISA suggest keeping an eye out for any strange dance moves and reporting them posthaste.

Tags: Classic Buffer Overflow, Critical Infrastructure Protection, CVSS v3 9.8, industrial control systems, Network Security, Scalance W1750D, Siemens Vulnerabilities