PT-2025-6203 · Siemens · Scalance Wam766-1 Eec+4

Published: 2025-02-11 · Updated: 2025-02-12 · CVE-2025-24499

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
SCALANCE WAB762-1 versions prior to V3.0.0
SCALANCE WAM763-1 versions prior to V3.0.0
SCALANCE WAM763-1 (ME) versions prior to V3.0.0
SCALANCE WAM763-1 (US) versions prior to V3.0.0
SCALANCE WAM766-1 versions prior to V3.0.0
SCALANCE WAM766-1 (ME) versions prior to V3.0.0
SCALANCE WAM766-1 (US) versions prior to V3.0.0
SCALANCE WAM766-1 EEC versions prior to V3.0.0
SCALANCE WAM766-1 EEC (ME) versions prior to V3.0.0
SCALANCE WAM766-1 EEC (US) versions prior to V3.0.0
SCALANCE WUB762-1 versions prior to V3.0.0
SCALANCE WUB762-1 iFeatures versions prior to V3.0.0
SCALANCE WUM763-1 versions prior to V3.0.0
SCALANCE WUM763-1 (US) versions prior to V3.0.0
SCALANCE WUM766-1 versions prior to V3.0.0
SCALANCE WUM766-1 (ME) versions prior to V3.0.0
SCALANCE WUM766-1 (USA) versions prior to V3.0.0

Description: The affected devices do not properly validate input while loading the configuration files. This could allow an authenticated remote attacker to execute arbitrary shell commands on the device.
Recommendations: For every affected product listed above (all at versions prior to V3.0.0), update to version V3.0.0 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-05906
CVE-2025-24499

Affected Products

Scalance Wab762-1
Scalance Wam763-1
Scalance Wam766-1
Scalance Wam766-1 Eec
Scalance Wub762-1 Ifeatures