Siemens SCALANCE W1750D Cryptographic Issues (CVE-2017-13099)

medium Tenable OT Security Plugin ID 501025


The remote OT asset is affected by a vulnerability.


wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as ROBOT.

This plugin only works with Tenable.ot.
Please visit for more information.


The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at

Siemens provides a firmware update (v8.3.0.1) and recommends users to update to the new version. This update can be found on their website at the following location:

To reduce the risk, Siemens recommends administrators restrict access to the web interface of the affected devices.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security (, and following the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found at:

For more information on this vulnerability and associated software updates, please see Siemens security advisory SSA-464260 on their website:

See Also

Plugin Details

Severity: Medium

ID: 501025

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 4/11/2023

Updated: 7/24/2023

Supported Sensors: Tenable OT Security

Risk Information


Risk Factor: Low

Score: 3.6


Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-13099


Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_w1750d_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 12/13/2017

Vulnerability Publication Date: 12/13/2017

Reference Information

CVE: CVE-2017-13099

CWE: 203