CVE-2025-24499
Published: 11 February 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2025-24499 is a vulnerability in multiple Siemens SCALANCE wireless access points and modules, including SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0 and variants for ME and US), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0 and variants including EEC, ME, and US), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0 and iFeatures variant), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0, 3DA0, and US variants), and SCALANCE WUM766-1 (6GK5766-1GE00-3DA0 and variants for ME and USA), all versions prior to V3.0.0. The flaw arises from improper input validation during the loading of configuration files (CWE-20), earning a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Attackers require high privileges (PR:H) and network access (AV:N) to exploit this remotely with low complexity (AC:L) and no user interaction (UI:N). Exploitation enables execution of arbitrary shell commands on the device, granting high-impact control over confidentiality, integrity, and availability (C:H/I:H/A:H) in an unchanged scope (S:U).
Siemens advisory SSA-769027 (https://cert-portal.siemens.com/productcert/html/ssa-769027.html) confirms the issue and advises upgrading all affected products to V3.0.0 or later as the primary mitigation.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote exploitation of a public-facing network device (wireless AP) via improper input validation in config file loading, directly resulting in arbitrary Unix shell command execution.