Siemens SCALANCE Classic Buffer Overflow (CVE-2021-37716)

critical Tenable OT Security Plugin ID 500994


The remote OT asset is affected by a vulnerability.


A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s):
Prior to; Prior to,,, Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

This plugin only works with Tenable.ot.
Please visit for more information.


The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at

Siemens recommends upgrading SCALANCE W1750 to Versions or later

SCALANCE W1750D: All version 8719 and prior (only affected by CVE-2019-5318, currently no fix is planned.

SCALANCE W1750 versions from to update to version or later (only affected by CVE-2019-5318, CVE-2020-37719, CVE-2021-37717, CVE-2021-37718, CVE-2021-37720, CVE-2021-37721, CVE-2021-37722, CVE-2021-37728).

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Block access to the ArubaOS Command Line Interface from all untrusted users.
- Block access to the ArubaOS web-based management interface from all untrusted users.
- Block access to the Mobility Conductor Command Line Interface from all untrusted users.
- Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed.
- Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk.
- To minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated Layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross Layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. In addition, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance.
- The RAPConsole or Local Debug (LD) homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the LD homepage, which effectively prevents this issue. Detailed instructions for ACL implementation are available.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for industrial security, and to follow the recommendations in the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-280624 in HTML or CSAF.

See Also

Plugin Details

Severity: Critical

ID: 500994

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 4/11/2023

Updated: 8/18/2023

Supported Sensors: Tenable OT Security

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-37716


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_w1750d_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 9/7/2021

Vulnerability Publication Date: 9/7/2021

Reference Information

CVE: CVE-2021-37716

CWE: 120