Denial of Service Vulnerability in SCALANCE Products by Siemens
CVE-2024-23814
6.9 MEDIUM
Key Information:
- Vendor: Siemens
- CVE Published: 11 February 2025
Summary
A denial of service vulnerability exists in the SCALANCE series of network devices from Siemens. When affected devices receive specially crafted packets targeting ICMP fragment re-assembly, they can exhaust their memory resources. This condition may be exploited by an unauthenticated remote attacker, leading to a temporary denial of service of the ICMP service. However, other communication services remain unaffected. Once the attack subsides, the devices will return to normal operation.
Affected Version(s)
SCALANCE WAB762-1 0
SCALANCE WAM763-1 0
SCALANCE WAM763-1 (ME) 0
CVSS V4
- Score: 6.9
- Severity: MEDIUM
- Confidentiality: None
- Integrity: None
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Attack Required: None
- Privileges Required: Undefined
- User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved