CWE
400
Advisory Published
Updated

CVE-2024-23814

First published: Tue Feb 11 2025(Updated: )

A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service, other communication services are not affected. Affected devices will resume normal operation after the attack terminates.

Credit: productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens SCALANCE WAB762-1<3.0.0
Siemens Scalance WAM763-1<3.0.0
Siemens SCALANCE WAM763-1<3.0.0
Siemens SCALANCE WAM763-1<3.0.0
Siemens SCALANCE WAM766-1<3.0.0
Siemens SCALANCE WAM766-1 EEC (ME)<3.0.0
Siemens SCALANCE WAM766-1<3.0.0
Siemens SCALANCE WAM766-1 ECC Firmware<3.0.0
Siemens SCALANCE WAM766-1 ECC Firmware<3.0.0
Siemens SCALANCE WAM766-1 (US)<3.0.0
Siemens SCALANCE WUB762-1 iFeatures<3.0.0
Siemens SCALANCE WUB762-1<3.0.0
Siemens Scalance WUM763-1 Firmware<3.0.0
Siemens SCALANCE WUM763-1 (US)<3.0.0
Siemens SCALANCE WUM763-1<3.0.0
Siemens SCALANCE WUM763-1 (US)<3.0.0
Siemens SCALANCE WUM766-1<3.0.0
Siemens SCALANCE WUM766-1<3.0.0
Siemens SCALANCE WUM766-1<3.0.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2024-23814?

    CVE-2024-23814 has a moderate severity rating due to potential unauthorized access risks.

  • How do I fix CVE-2024-23814?

    To fix CVE-2024-23814, upgrade to versions 3.0.0 or later of the affected Siemens SCALANCE models.

  • Which devices are affected by CVE-2024-23814?

    CVE-2024-23814 affects Siemens SCALANCE WAB762-1, WAM763-1, and WAM766-1 models with versions earlier than 3.0.0.

  • What types of vulnerabilities does CVE-2024-23814 address?

    CVE-2024-23814 addresses vulnerabilities related to unauthorized access that can compromise network security.

  • Is there a known exploit for CVE-2024-23814?

    As of now, there are no publicly available exploits disclosed for CVE-2024-23814.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203