CVE-2024-30191 in SCALANCE W1748-1 M12
Riassunto
di VulDB • 30/06/2026
Based on the list of affected Siemens SCALANCE W700 series wireless devices and the description provided, here is an analysis of **CVE-2022-47522**, specifically focusing on **Scenario 3: "Override client’s security context"**.
### Overview **CVE-2022-47522** affects Siemens SCALANCE W700 series wireless access points (APs) and clients. The vulnerability allows an attacker to manipulate the association process between a legitimate device (victim) and an AP, potentially leading to unauthorized decryption of traffic or man-in-the-middle attacks.
### Scenario 3: "Override client’s security context" This specific scenario describes how an attacker can exploit flaws in the key management or re-association procedures within WPA2/WPA3 enterprise or personal networks using TKIP/AES encryption.
#### Attack Mechanism 1. **Physical Proximity Requirement**: The attacker must be physically close to both the victim device and the target AP, as this is a wireless-layer attack requiring signal interception and injection. 2. **Exploitation of Re-association/Re-keying**: - In WPA/WPA2 networks, security contexts (encryption keys) are negotiated during association or rekeying events. - The vulnerability lies in how the AP validates or updates these security contexts when a client reconnects or roams. 3. **Context Override**: - An attacker intercepts frames from the victim device attempting to associate or reassociate with an AP (or another legitimate AP). - By manipulating timing, frame sequences, or exploiting race conditions in the key derivation/validation process, the attacker forces the AP to accept a **newly negotiated security context** that is controlled by the attacker. 4. **Result**: - The victim device believes it has established a secure connection with the intended AP using valid keys. - However, due to the overridden context, the actual encryption/decryption keys are known or controllable by the attacker. - This allows the attacker to **decrypt frames** sent between the victim and the network that were originally encrypted for the victim’s legitimate security context.
#### Impact - **Confidentiality Loss**: Attackers can decrypt sensitive data transmitted over the wireless link intended for the victim device. - **Man-in-the-Middle (MitM)**: In some configurations, this could enable active interception and modification of traffic if combined with other techniques. - **No Authentication Bypass Required**: The attack does not require compromising passwords or certificates; it exploits protocol-level flaws in key management during association/rekeying.
### Affected Devices Summary The following Siemens SCALANCE W700 series devices are vulnerable: - **W786 Series** (RJ45 and SFP variants) - **W788 Series** (M12 and RJ45 variants, including EEC versions) - **WAM/WUM 763/766 Series** (Access Points/Mobile Units for EU/US markets)
### Mitigation & Recommendations Siemens has released firmware updates to address this vulnerability. Recommended actions include:
1. **Update Firmware**: Apply the latest security patches provided by Siemens for all affected SCALANCE W devices. Check Siemens’ official support portal or Security Advisories (e.g., [CERT-Bund](https://www.cert-bund.de/) or [Siemens Cybersecurity Updates](https://support.industry.siemens.com/cs/document/109745682/security-update-for-simatic-net-scalance-w-700-series)).
2. **Use WPA3**: Where possible, migrate to WPA3-SAE (Simultaneous Authentication of Equals), which provides stronger protection against offline dictionary attacks and has improved key management robustness compared to WPA2. 3. **Network Segmentation**: Isolate wireless networks from critical control systems using firewalls and VLANs. 4. **Physical Security**: Restrict physical access to areas where these devices operate, as the attack requires proximity. 5. **Monitor for Anomalies**: Implement intrusion detection/prevention systems (IDS/IPS) capable of detecting unusual reassociation patterns or key negotiation failures in wireless networks.
### Reference - **CVE ID**: CVE-2022-47522 - **Vendor Advisory**: Siemens Product Cybersecurity Vulnerability Statement for SCALANCE W 700 Series - **CWE Classification**: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')) or related key management flaws.
For detailed technical mitigation steps, consult the official Siemens security advisory document associated with CVE-2022-47522.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.