CVE-2024-30191 – This vulnerability affects multiple Siemens SCA... (How to Fix)

Q: What is the severity of CVE-2024-30191?

CVE-2024-30191 has a CVSS score of 8.4 (HIGH). This vulnerability affects multiple Siemens SCALANCE industrial wireless access points. A physically proximate attacker can trick affected devices into associating attacker-controlled security contexts with victim frames, potentially allowing decryption of wireless traffic meant for legitimate clients. This impacts organizations using these specific Siemens industrial networking devices in their operational technology environments.

📋 TL;DR

This vulnerability affects multiple Siemens SCALANCE industrial wireless access points. A physically proximate attacker can trick affected devices into associating attacker-controlled security contexts with victim frames, potentially allowing decryption of wireless traffic meant for legitimate clients. This impacts organizations using these specific Siemens industrial networking devices in their operational technology environments.

💻 Affected Systems

Products:

SCALANCE W1748-1 M12
SCALANCE W1788-1 M12
SCALANCE W1788-2 EEC M12
SCALANCE W1788-2 M12
SCALANCE W1788-2IA M12
SCALANCE W721-1 RJ45
SCALANCE W722-1 RJ45
SCALANCE W734-1 RJ45
SCALANCE W738-1 M12
SCALANCE W748-1 M12
SCALANCE W748-1 RJ45
SCALANCE W761-1 RJ45
SCALANCE W774-1 M12 EEC
SCALANCE W774-1 RJ45
SCALANCE W778-1 M12
SCALANCE W778-1 M12 EEC
SCALANCE W786-1 RJ45
SCALANCE W786-2 RJ45
SCALANCE W786-2 SFP
SCALANCE W786-2IA RJ45
SCALANCE W788-1 M12
SCALANCE W788-1 RJ45
SCALANCE W788-2 M12
SCALANCE W788-2 M12 EEC
SCALANCE W788-2 RJ45
SCALANCE WAM763-1
SCALANCE WAM766-1
SCALANCE WAM766-1 EEC
SCALANCE WUM763-1
SCALANCE WUM766-1

Versions: All versions prior to patching

Operating Systems: Embedded firmware on affected devices

Default Config Vulnerable: ⚠️ Yes

Notes: This vulnerability specifically refers to Scenario 3 'Override client's security context' from CVE-2022-47522 and affects the listed Siemens SCALANCE industrial wireless devices.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker within wireless range could decrypt sensitive industrial control system communications, potentially gaining insight into operational processes, credentials, or proprietary data transmitted over the wireless network.

🟠

Likely Case

An attacker with physical proximity to the wireless network could intercept and decrypt some wireless traffic, compromising confidentiality of industrial communications.

🟢

If Mitigated

With proper network segmentation and physical security controls, the impact is limited to the specific wireless segment, preventing lateral movement to critical systems.

🌐 Internet-Facing: LOW - This requires physical proximity to the wireless network, not internet accessibility.

🏢 Internal Only: HIGH - This affects internal industrial wireless networks where attackers could gain physical access to facilities or be within wireless range.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires physical proximity to the wireless network and knowledge of wireless security protocols. The vulnerability is related to previously disclosed CVE-2022-47522.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Siemens advisory for specific firmware versions

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-457702.html

Restart Required: Yes

Instructions:

1. Review Siemens advisory SSA-457702
2. Identify affected devices in your environment
3. Download appropriate firmware updates from Siemens support portal
4. Apply firmware updates following Siemens documentation
5. Verify successful update and restart devices

🔧 Temporary Workarounds

Physical Security Enhancement

all

Restrict physical access to wireless coverage areas to prevent attackers from getting within range

Network Segmentation

all

Isolate wireless networks from critical control systems using firewalls and VLANs

🧯 If You Can't Patch

Implement strict physical access controls to wireless coverage areas
Deploy network monitoring to detect unusual wireless activity
Consider replacing affected devices with updated models if patching is not feasible

🔍 How to Verify

Check if Vulnerable:

Check device model numbers against affected list and verify firmware version against Siemens advisory

Check Version:

Check via Siemens SCALANCE web interface or CLI: show version

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in Siemens advisory

📡 Detection & Monitoring

Log Indicators:

Multiple authentication failures
Unusual MAC addresses attempting association
Security context changes in wireless logs

Network Indicators:

Unusual wireless traffic patterns
Multiple association/disassociation events
Suspicious wireless security negotiation attempts

SIEM Query:

wireless_device:SCALANCE AND (event_type:auth_failure OR event_type:association_anomaly)

📊 Metadata

CVE ID: CVE-2024-30191

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE: CWE-290

Published: April 9, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30191, you might also want to check these: