ICSA-22-104-04 · Published 2026-04-16 · View on CISA ICS-CERT ↗

Siemens SCALANCE FragAttacks

CVSS 6.5 MEDIUM

Risk Summary

Twelve vulnerabilities in the implementation of frame aggregation and fragmentation of the 802.11 standard, under the name of FragAttacks, have been published. Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and possibly traffic manipulation. The advised Siemens products are only affected by some of the published vulnerabilities. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.

CVEs (9)

CVE-2020-24588 CVE-2020-26139 CVE-2020-26140 CVE-2020-26141 CVE-2020-26143 CVE-2020-26144 CVE-2020-26145 CVE-2020-26146 CVE-2020-26147

Remediations

As these vulnerabilities can only be exploited within Wi-Fi range, when possible reduce Wi-Fi transmission power or make sure to have the devices in private areas with physical access controls
Disable A-MSDU, if possible
Update to V1.2.0 or later version
Update to V3.0.0 or later version
Update to V6.6.0 or later version
Update to V8.7.1.3 or later version

Affected Vendors

Siemens

Affected Products (67)

Siemens · SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0) vers:intdot/<3.0.0

Siemens · SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0) vers:intdot/<3.0.0

Siemens · SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0) vers:intdot/<8.7.1.3

Siemens · SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0) vers:intdot/<8.7.1.3

Siemens · SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0) vers:intdot/<8.7.1.3

Siemens · SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0) vers:intdot/<3.0.0

Siemens · SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0) vers:intdot/<3.0.0

Siemens · SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0) vers:intdot/<3.0.0

Siemens · SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0) vers:intdot/<3.0.0

Siemens · SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) vers:intdot/<6.6.0

Siemens · SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) vers:intdot/<6.6.0

Siemens · SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) vers:intdot/<6.6.0

Siemens · SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0) vers:intdot/<6.6.0

Siemens · SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0) vers:intdot/<6.6.0

Siemens · SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6) vers:intdot/<6.6.0

Siemens · SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0) vers:intdot/<6.6.0

Siemens · SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6) vers:intdot/<6.6.0

Siemens · SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0) vers:intdot/<6.6.0

Siemens · SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0) vers:intdot/<6.6.0

Siemens · SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0) vers:intdot/<6.6.0

Siemens · SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0) vers:intdot/<6.6.0

Siemens · SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0) vers:intdot/<6.6.0

Siemens · SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0) vers:intdot/<6.6.0

Siemens · SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0) vers:intdot/<6.6.0

Siemens · SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0) vers:intdot/<6.6.0

Siemens · SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0) vers:intdot/<6.6.0

Siemens · SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) vers:intdot/<1.2.0

Siemens · SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) vers:intdot/<1.2.0

Siemens · SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) vers:intdot/<1.2.0

Siemens · SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) vers:intdot/<1.2.0

Siemens · SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) vers:intdot/<1.2.0

Siemens · SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) vers:intdot/<1.2.0

Siemens · SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) vers:intdot/<1.2.0

Siemens · SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) vers:intdot/<1.2.0

Siemens · SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) vers:intdot/<1.2.0

Affected Sectors

Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more