Siemens SCALANCE W 1750D Improper Input Validation (CVE-2016-2031)

critical Tenable OT Security Plugin ID 501001


The remote OT asset is affected by a vulnerability.


Multiple vulnerabilities exists in Aruba Instate before and due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.

This plugin only works with Tenable.ot.
Please visit for more information.


The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Update to the latest firmware version and find further instructions in the document Control Plane Security Best Practices. Depending on network configuration and risk tolerance, no action may be required.

Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following the recommendations in the product manuals. Additional information on industrial security by Siemens can be found at:

For more information refer to Siemens Advisory SSA-431802

See Also

Plugin Details

Severity: Critical

ID: 501001

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 4/11/2023

Updated: 7/24/2023

Supported Sensors: Tenable OT Security

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-2031


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_w1750d_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/31/2020

Vulnerability Publication Date: 1/31/2020

Reference Information

CVE: CVE-2016-2031

CWE: 20