What is the severity of CVE-2024-23814?

CVE-2024-23814 has a moderate severity rating due to potential unauthorized access risks.

How do I fix CVE-2024-23814?

To fix CVE-2024-23814, upgrade to versions 3.0.0 or later of the affected Siemens SCALANCE models.

Which devices are affected by CVE-2024-23814?

CVE-2024-23814 affects Siemens SCALANCE WAB762-1, WAM763-1, and WAM766-1 models with versions earlier than 3.0.0.

What types of vulnerabilities does CVE-2024-23814 address?

CVE-2024-23814 addresses vulnerabilities related to unauthorized access that can compromise network security.

Is there a known exploit for CVE-2024-23814?

As of now, there are no publicly available exploits disclosed for CVE-2024-23814.

Vulnerability/
CVE-2024-23814

medium

6.9

CWE

400

11/2/2025

CVE-2024-23814

First published: Tue Feb 11 2025(Updated: )

A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service, other communication services are not affected. Affected devices will resume normal operation after the attack terminates.

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens SCALANCE WAB762-1	<3.0.0
Siemens Scalance WAM763-1	<3.0.0
Siemens SCALANCE WAM763-1	<3.0.0
Siemens SCALANCE WAM763-1	<3.0.0
Siemens SCALANCE WAM766-1	<3.0.0
Siemens SCALANCE WAM766-1 EEC (ME)	<3.0.0
Siemens SCALANCE WAM766-1	<3.0.0
Siemens SCALANCE WAM766-1 ECC Firmware	<3.0.0
Siemens SCALANCE WAM766-1 ECC Firmware	<3.0.0
Siemens SCALANCE WAM766-1 (US)	<3.0.0
Siemens SCALANCE WUB762-1 iFeatures	<3.0.0
Siemens SCALANCE WUB762-1	<3.0.0
Siemens Scalance WUM763-1 Firmware	<3.0.0
Siemens SCALANCE WUM763-1 (US)	<3.0.0
Siemens SCALANCE WUM763-1	<3.0.0
Siemens SCALANCE WUM763-1 (US)	<3.0.0
Siemens SCALANCE WUM766-1	<3.0.0
Siemens SCALANCE WUM766-1	<3.0.0
Siemens SCALANCE WUM766-1	<3.0.0

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/html/ssa-769027.html

Frequently Asked Questions

What is the severity of CVE-2024-23814?
CVE-2024-23814 has a moderate severity rating due to potential unauthorized access risks.
How do I fix CVE-2024-23814?
To fix CVE-2024-23814, upgrade to versions 3.0.0 or later of the affected Siemens SCALANCE models.
Which devices are affected by CVE-2024-23814?
CVE-2024-23814 affects Siemens SCALANCE WAB762-1, WAM763-1, and WAM766-1 models with versions earlier than 3.0.0.
What types of vulnerabilities does CVE-2024-23814 address?
CVE-2024-23814 addresses vulnerabilities related to unauthorized access that can compromise network security.
Is there a known exploit for CVE-2024-23814?
As of now, there are no publicly available exploits disclosed for CVE-2024-23814.

agent/references
agent/weakness
agent/type
agent/description
agent/first-publish-date
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/source
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/siemens
canonical/siemens scalance wab762-1
canonical/siemens scalance wam763-1
canonical/siemens scalance wam766-1
canonical/siemens scalance wam766-1 eec (me)
canonical/siemens scalance wam766-1 ecc firmware
canonical/siemens scalance wam766-1 (us)
canonical/siemens scalance wub762-1 ifeatures
canonical/siemens scalance wub762-1
canonical/siemens scalance wum763-1 firmware
canonical/siemens scalance wum763-1 (us)
canonical/siemens scalance wum763-1
canonical/siemens scalance wum766-1