Detections
Analytics
Siemens SCALANCE Improper Authentication (CVE-2020-26139)
medium Tenable OT Security Plugin ID 505332
Synopsis
The remote OT asset is affected by a vulnerability.Description
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vendor advisory.See Also
https://cert-portal.siemens.com/productcert/html/ssa-913875.html
https://cert-portal.siemens.com/productcert/html/ssa-019200.html
https://support.industry.siemens.com/cs/ww/en/view/109996102/
https://support.industry.siemens.com/cs/ww/en/view/109805887/
https://support.industry.siemens.com/cs/ww/en/view/109808629/
https://www.cisa.gov/news-events/ics-advisories/icsa-22-104-04
Plugin Details
Severity: Medium
ID: 505332
File Name: tenable_ot_siemens_CVE-2020-26139.nasl
Version: 1.1
Type: Remote
Family: Tenable.ot
Published: 4/21/2026
Updated: 4/21/2026
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Information
CPE: cpe:/o:siemens:scalance_w1788-1_m12_firmware:3.0.0, cpe:/o:siemens:scalance_w1788-2ia_m12_firmware:3.0.0, cpe:/o:siemens:scalance_w1788-2_m12_firmware:3.0.0, cpe:/o:siemens:scalance_w1748-1_m12_firmware:3.0.0, cpe:/o:siemens:scalance_w1788-2_eec_m12_firmware:3.0.0, cpe:/o:siemens:scalance_w761-1_rj45_firmware:6.6.0, cpe:/o:siemens:scalance_w788-2_m12_eec_firmware:6.6.0, cpe:/o:siemens:scalance_w786-2_rj45_firmware:6.6.0, cpe:/o:siemens:scalance_wam766-1_firmware:1.2.0, cpe:/o:siemens:scalance_w788-1_rj45_firmware:6.6.0, cpe:/o:siemens:scalance_w778-1_m12_eec_%28usa%29_firmware:6.6.0, cpe:/o:siemens:scalance_wum766-1_%28usa%29_firmware:1.2.0, cpe:/o:siemens:scalance_w734-1_rj45_%28usa%29_firmware:6.6.0, cpe:/o:siemens:scalance_wum766-1_firmware:1.2.0, cpe:/o:siemens:scalance_wam766-1_eec_firmware:1.2.0, cpe:/o:siemens:scalance_wum763-1_firmware:1.2.0, cpe:/o:siemens:scalance_w788-2_m12_firmware:6.6.0, cpe:/o:siemens:scalance_w774-1_rj45_firmware:6.6.0, cpe:/o:siemens:scalance_w786-2ia_rj45_firmware:6.6.0, cpe:/o:siemens:scalance_w786-2_sfp_firmware:6.6.0, cpe:/o:siemens:scalance_w786-1_rj45_firmware:6.6.0, cpe:/o:siemens:scalance_w778-1_m12_eec_firmware:6.6.0, cpe:/o:siemens:scalance_w721-1_rj45_firmware:6.6.0, cpe:/o:siemens:scalance_w748-1_rj45_firmware:6.6.0, cpe:/o:siemens:scalance_wam763-1_firmware:1.2.0, cpe:/o:siemens:scalance_w774-1_m12_eec_firmware:6.6.0, cpe:/o:siemens:scalance_w734-1_rj45_firmware:6.6.0, cpe:/o:siemens:scalance_wam766-1_%28us%29_firmware:1.2.0, cpe:/o:siemens:scalance_w774-1_rj45_%28usa%29_firmware:6.6.0, cpe:/o:siemens:scalance_w788-1_m12_firmware:6.6.0, cpe:/o:siemens:scalance_w778-1_m12_firmware:6.6.0, cpe:/o:siemens:scalance_w748-1_m12_firmware:6.6.0, cpe:/o:siemens:scalance_w722-1_rj45_firmware:6.6.0, cpe:/o:siemens:scalance_wam766-1_eec_%28us%29_firmware:1.2.0, cpe:/o:siemens:scalance_w788-2_rj45_firmware:6.6.0, cpe:/o:siemens:scalance_w738-1_m12_firmware:6.6.0
Required KB Items: Tenable.ot/Siemens
Exploit Ease: No known exploits are available
Patch Publication Date: 7/13/2021
Vulnerability Publication Date: 7/13/2021
Reference Information
CVE: CVE-2020-26139
CWE: 287
ICSA: 22-104-04