CVE-2025-24499: Input Validation
First published: Tue Feb 11 2025(Updated: )
A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices do not properly validate input while loading the configuration files. This could allow an authenticated remote attacker to execute arbitrary shell commands on the device.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SCALANCE WAB762-1 | <3.0.0 | |
| Siemens Scalance WAM763-1 | <3.0.0 | |
| Siemens SCALANCE WAM763-1 | <3.0.0 | |
| Siemens SCALANCE WAM763-1 | <3.0.0 | |
| Siemens SCALANCE WAM766-1 | <3.0.0 | |
| Siemens SCALANCE WAM766-1 EEC (ME) | <3.0.0 | |
| Siemens SCALANCE WAM766-1 | <3.0.0 | |
| Siemens SCALANCE WAM766-1 ECC Firmware | <3.0.0 | |
| Siemens SCALANCE WAM766-1 ECC Firmware | <3.0.0 | |
| Siemens SCALANCE WAM766-1 (US) | <3.0.0 | |
| Siemens SCALANCE WUB762-1 iFeatures | <3.0.0 | |
| Siemens SCALANCE WUB762-1 | <3.0.0 | |
| Siemens Scalance WUM763-1 Firmware | <3.0.0 | |
| Siemens SCALANCE WUM763-1 (US) | <3.0.0 | |
| Siemens SCALANCE WUM763-1 | <3.0.0 | |
| Siemens SCALANCE WUM766-1 | <3.0.0 | |
| Siemens SCALANCE WUM766-1 | <3.0.0 | |
| Siemens SCALANCE WUM766-1 | <3.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
Is there a workaround for CVE-2025-24499 if I cannot update immediately?
As of now, there are no documented workarounds for CVE-2025-24499, so updating is recommended.
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens scalance wab762-1
- canonical/siemens scalance wam763-1
- canonical/siemens scalance wam766-1
- canonical/siemens scalance wam766-1 eec (me)
- canonical/siemens scalance wam766-1 ecc firmware
- canonical/siemens scalance wam766-1 (us)
- canonical/siemens scalance wub762-1 ifeatures
- canonical/siemens scalance wub762-1
- canonical/siemens scalance wum763-1 firmware
- canonical/siemens scalance wum763-1 (us)
- canonical/siemens scalance wum763-1
- canonical/siemens scalance wum766-1