SSA-721642: Injection Vulnerability in SCALANCE W700 802.11 AX Family Before V2.4 Key Information from the Webpage Screenshot: 1. Publication Date: - 2024-09-10 2. Last Update: - 2024-09-10 3. Current Version: - V1.0 4. CVSS v3.1 Base Score: - 9.1 5. CVSS v4.0 Base Score: - 9.4 6. Summary: - Siemens has released new versions for the affected products and recommends updating to the latest versions. 7. Affected Products and Solution: - Affected Product and Versions: SCALANCE W-700 IEEE 802.11ax family - Remediation: Update to V2.4.0 or later version - https://support.industry.siemens.com/cs/ww/en/view/109974327/ 8. Workarounds and Mitigations: - Product-specific remediations or mitigations can be found in the section "Affected Products and Solution." - Please follow the General Security Recommendations. 9. General Security Recommendations: - Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security. - Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity 10. Product Description: 11. Vulnerability Description: - Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. - Follow-up of CVE-2022-36323. 12. Additional Information: - For further inquiries on security vulnerabilities in Siemens products and solutions, please contact Siemens ProductCERT: https://www.siemens.com/cert/advisories 13. History Data: - V1.0 (2024-09-10): Publication Date 14. Terms of Use: - Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.