CVE-2025-24499
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Summary
A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices do not properly validate input while loading the configuration files. This could allow an authenticated remote attacker to execute arbitrary shell commands on the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SCALANCE WAB762-1 | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WAM763-1 | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WAM763-1 (ME) | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WAM763-1 (US) | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WAM766-1 | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WAM766-1 (ME) | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WAM766-1 (US) | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WAM766-1 EEC | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WAM766-1 EEC (ME) | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WAM766-1 EEC (US) | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WUB762-1 | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WUB762-1 iFeatures | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WUM763-1 | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WUM763-1 | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WUM763-1 (US) | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WUM763-1 (US) | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WUM766-1 | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WUM766-1 (ME) | 0 < V3.0.0 | affected |
| Siemens | SCALANCE WUM766-1 (USA) | 0 < V3.0.0 | affected |
Weaknesses
- CWE-20: CWE-20: Improper Input Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.