ICSA-22-314-10 · Published 2023-02-14 · View on CISA ICS-CERT ↗

Siemens SCALANCE W1750D

CVSS 9.8 CRITICAL

CVEs (13)

CVE-2002-20001 CVE-2022-37885 CVE-2022-37886 CVE-2022-37887 CVE-2022-37888 CVE-2022-37889 CVE-2022-37890 CVE-2022-37891 CVE-2022-37892 CVE-2022-37893 CVE-2022-37894 CVE-2022-37895 CVE-2022-37896

Remediations

Update to V8.7.1.11 or later version
CVE-2022-37885, CVE-2022-37886, CVE-2022-37887, CVE-2022-37888, CVE-2022-37889: Enable CPSec via the cluster-security command
CVE-2022-37890, CVE-2022-37891, CVE-2022-37892, CVE-2022-37895, CVE-2022-37896: Restrict the web-based management interface to a dedicated layer 2 segment/VLAN and/or control the interface by firewall policies at layer 3 and above
CVE-2022-37893: Restrict the command line interface to a dedicated layer 2 segment/VLAN and/or control the interface by firewall policies at layer 3 and above

Affected Vendors

Siemens

Affected Products (3)

Siemens · SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0) <V8.7.1.11

Siemens · SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0) <V8.7.1.11

Siemens · SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0) <V8.7.1.11

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more