Siemens SCALANCE W1750D Classic Buffer Overflow (CVE-2022-37889)

critical Tenable OT Security Plugin ID 500989


The remote OT asset is affected by a vulnerability.


There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: and below; Aruba InstantOS 6.5.x: and below; Aruba InstantOS 8.6.x: and below; Aruba InstantOS 8.7.x: and below; Aruba InstantOS 8.10.x: and below; ArubaOS 10.3.x: and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

This plugin only works with Tenable.ot.
Please visit for more information.


The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at

Siemens identified the following specific workarounds and mitigations to reduce risk:

- CVE-2022-37885, CVE-2022-37886, CVE-2022-37887, CVE-2022-37888, and CVE-2022-37889: Enable CPSec via the cluster- security command.
- CVE-2022-37890, CVE-2022-37891, CVE-2022-37892, CVE-2022-37895, and CVE-2022-37896: Restrict the web-based management interface to a dedicated layer 2 segment/VLAN and/or control the interface by firewall policies at layer 3 and above.
- CVE-2022-37893: Restrict the command line interface to a dedicated layer 2 segment/VLAN and/or control the interface by firewall policies at layer 3 and above.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found at the Siemens website.

For more information, see the associated Siemens security advisory SSA-506569 in HTML and CSAF.

Siemens SCALANCE W1750D is a brand-labeled device from Aruba. For more information regarding these vulnerabilities, see the Aruba security advisory ARUBA-PSA-2022-014.

See Also

Plugin Details

Severity: Critical

ID: 500989

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 4/11/2023

Updated: 8/18/2023

Supported Sensors: Tenable OT Security

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-37889


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_w1750d_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 10/7/2022

Vulnerability Publication Date: 10/7/2022

Reference Information

CVE: CVE-2022-37889

CWE: 120