All the vulnerabilites related to siemens - scalance_x200-4p_irt
cve-2022-40631
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < V5.5.0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SIPLUS NET SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.0), SCALANCE X201-3P IRT (All versions \u003c V5.5.0), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.0), SCALANCE X202-2IRT (All versions \u003c V5.5.0), SCALANCE X202-2P IRT (All versions \u003c V5.5.0), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.0), SCALANCE X204-2 (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X204IRT (All versions \u003c V5.5.0), SCALANCE X204IRT PRO (All versions \u003c V5.5.0), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c V5.5.0), SCALANCE XF202-2P IRT (All versions \u003c V5.5.0), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204-2 (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.0), SCALANCE XF204IRT (All versions \u003c V5.5.0), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions \u003c V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-11T00:00:00",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-40631",
"datePublished": "2022-10-11T00:00:00",
"dateReserved": "2022-09-13T00:00:00",
"dateUpdated": "2024-08-03T12:21:46.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26649
Vulnerability from cvelistv5
Published
2022-07-12 10:06
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < V5.5.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T09:02:21.918Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-26649",
"datePublished": "2022-07-12T10:06:35",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-03T05:11:43.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26647
Vulnerability from cvelistv5
Published
2022-07-12 10:06
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < V5.5.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T09:02:19.204Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-26647",
"datePublished": "2022-07-12T10:06:32",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-03T05:11:43.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29054
Vulnerability from cvelistv5
Published
2023-04-11 09:03
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default.
This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data
passed over the connection between legitimate clients and the affected device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < V5.5.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions \u003c V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default.\r\n\r\nThis could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over the connection between legitimate clients and the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326: Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T09:03:08.813Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-29054",
"datePublished": "2023-04-11T09:03:08.813Z",
"dateReserved": "2023-03-30T12:04:26.539Z",
"dateUpdated": "2024-08-02T14:00:14.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3634
Vulnerability from cvelistv5
Published
2013-05-24 20:00
Modified
2024-08-06 16:14
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions \u003c V5.0.0 for CVE-2013-3633 and versions \u003c V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-12T19:08:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions \u003c V5.0.0 for CVE-2013-3633 and versions \u003c V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3634",
"datePublished": "2013-05-24T20:00:00",
"dateReserved": "2013-05-22T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26648
Vulnerability from cvelistv5
Published
2022-07-12 10:06
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < V5.5.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T09:02:20.560Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-26648",
"datePublished": "2022-07-12T10:06:34",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-03T05:11:43.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3633
Vulnerability from cvelistv5
Published
2013-05-24 20:00
Modified
2024-08-06 16:14
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions \u003c V5.0.0 for CVE-2013-3633 and versions \u003c V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-12T19:08:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions \u003c V5.0.0 for CVE-2013-3633 and versions \u003c V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3633",
"datePublished": "2013-05-24T20:00:00",
"dateReserved": "2013-05-22T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25669
Vulnerability from cvelistv5
Published
2021-04-22 20:42
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < 5.5.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X202-2 IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X204 IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X204 IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X208 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X212-2 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF204 IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T10:47:24",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X200-4P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2 IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2FM",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X206-1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X206-1LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X208 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X208PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X212-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X212-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X216",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X224",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF202-2P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF204 IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF206-1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF208",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25669",
"datePublished": "2021-04-22T20:42:20",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25668
Vulnerability from cvelistv5
Published
2021-04-22 20:42
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < 5.5.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X202-2 IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X204 IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X204 IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X208 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X212-2 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF204 IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T10:47:23",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X200-4P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2 IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2FM",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X206-1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X206-1LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X208 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X208PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X212-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X212-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X216",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X224",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF202-2P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF204 IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF206-1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF208",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25668",
"datePublished": "2021-04-22T20:42:20",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5709
Vulnerability from cvelistv5
Published
2013-09-17 10:00
Modified
2024-08-06 17:22
Severity ?
EPSS score ?
Summary
The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf | x_refsource_CONFIRM | |
| http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01 | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:22:31.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T14:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5709",
"datePublished": "2013-09-17T10:00:00",
"dateReserved": "2013-09-06T00:00:00",
"dateUpdated": "2024-08-06T17:22:31.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-04-22 21:15
Modified
2024-11-21 05:55
Severity ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFA817F-7237-458A-8BCB-95551360E22A",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47627D33-BE10-42EC-AD9A-7E3FE4ECF6E2",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9328F7AC-5842-4525-9B30-7C8617063941",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20883AFA-C61C-40DC-A343-3CDEA9B1B0AC",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "577D1E21-717C-4508-AE91-0BC490C89F85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA284180-566E-45D5-B3B6-4617B89FF4B6",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A15A02F-7C41-4495-AD4E-11201FE5771F",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC31F0E-389B-4925-88DE-726F2F0D2A23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40FCE8E4-B527-4B2D-AC98-C6649EAB4EC0",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF096BA-A6F4-46B3-9B9B-7FCEE7E6A6C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE1A821-8F0A-4B96-AC8A-B219215014B1",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54201E08-15E3-4C93-9A0D-DC376B7C8D88",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75220631-DD7D-4E86-8405-F98340FFE27C",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3032A499-DFD5-4FEA-8AC6-E661781387AB",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A493C49A-8BF9-43E5-98D5-55E5390A36A5",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C9747F-BEC3-486E-B553-3339F8B54C3A",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8D68AC-8F30-4919-ADB3-A6018458602B",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC1450A-92ED-451F-9890-4E18CA974485",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "768320F0-10F5-4B36-AEB6-9DEEA43A30E8",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2C60CF-4089-4993-A2CB-B7FBDAF81D62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B8367C-5EAC-49F4-83B8-C7E3BD373092",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55F50ABF-3E9A-4435-BAA4-7D11A2047D46",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC643617-D0B7-4379-8ADB-2C2BACA4B165",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0189DF6-DA80-49FE-B09F-0C07D892518E",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A73DE9A4-A86D-44BB-828F-F358D0E8102C",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA653B06-6B43-422B-9E51-4B29438841B4",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD13707-1164-415E-9083-7946D151F1FC",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB90745-6B95-43A9-8211-DE32D1000827",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25DDF1EB-80E7-491F-A197-1B220E35CDF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A09FF2D-F369-47B5-AEE4-A862BEDD9851",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D634EE1A-2EB5-46FF-9E38-12DA3CDD3136",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCDC84E-0695-409A-844B-D24024CC33F2",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DB6C03-71BF-4359-834B-384E78910E64",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2560F9B6-D121-4B82-A96F-81A0A4869616",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X201-3P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X201-3P IRT PRO (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X202-2 IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X202-2P IRT (Incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X202-2P IRT PRO (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X204 IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X204 IRT PRO (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X204-2 (Incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2FM (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2LD (Incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2LD TS (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2TS (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X206-1 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X206-1LD (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X208 (Incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X208PRO (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X212-2 (Incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X212-2LD (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X216 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X224 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF201-3P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF202-2P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF204 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF204 IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF204-2 (Incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF204-2BA IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF206-1 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF208 (Todas las versiones anteriores a la versi\u00f3n V5.2.5). El procesamiento inapropiado de las peticiones POST en el servidor web puede escribir fuera de l\u00edmites en la pila.\u0026#xa0;Un atacante podr\u00eda aprovechar esto para una Denegaci\u00f3n de Servicio del dispositivo o una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-25669",
"lastModified": "2024-11-21T05:55:15.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-22T21:15:10.143",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-17 12:04
Modified
2024-11-21 01:57
Severity ?
Summary
The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "756EF73B-3FF0-458A-AD4F-02D9F1895C56",
"versionEndIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17C52F7B-5B34-42B6-BE60-B24EDBE221C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEF9F9F-4066-483B-BF95-3BA5625284DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x-200rna:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCF5B82-0766-4711-90E6-C2A6FACE44EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:-:pro:*:*:*:*:*",
"matchCriteriaId": "21095E8E-A67B-448C-90B1-6234D931C005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:-:pro:*:*:*:*:*",
"matchCriteriaId": "39CAF419-AB8D-4F79-A5E7-602A77D55E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:-:pro:*:*:*:*:*",
"matchCriteriaId": "BB688C82-7454-4FD0-B484-C400E7FF4898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_xf-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB503096-C528-478C-BD07-019C2CC882E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de autentificaci\u00f3n en el servidor web de los switches Siemens SCALANCE X-200 con firmware anterior a 5.0.0 no utiliza suficiente fuente de entrop\u00eda para generar valores de numeros aleatorios, lo que hace mucho m\u00e1s f\u00e1cil para un atacante remoto secuestrar sesiones prediciendo un valor."
}
],
"id": "CVE-2013-5709",
"lastModified": "2024-11-21T01:57:59.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-17T12:04:28.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 10:15
Modified
2024-11-21 06:54
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7CC15F-1CC5-414E-A243-9C9C35F954CF",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC81E9A8-2FED-4E24-B1D3-85E4E5032FA9",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB41E26-CBC9-4244-9CD3-0EC9D65C5087",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE711C34-E9F1-46C8-B52E-F1833306E968",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB964676-5A88-460D-AFF5-EEFE4EE9D135",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48DBE5A6-DF82-4383-B9D3-4A7334F569D8",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A105670-E8C6-4C69-B4EF-EB4B56DC8D30",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02394BC6-4048-4ADC-9878-E20CBE2D9F78",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55201B05-1A02-4D54-85A0-586D23E10E6D",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C9BA52-59BD-49B2-B932-9A364D9E6365",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83149C2D-F2FD-40A7-B2D0-85528E94DC05",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B82FACB-B526-4EC6-9A29-2B0E1EA09AC4",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C526C0C4-3AFD-4945-B296-2AFA9D52ED6C",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD00B1-8169-49DB-B842-F0C6D70BBCD8",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D8017-DB9B-4396-8ABD-134AE7522577",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB0658D-EB75-4B33-B840-82895017EB81",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0493014-8AEF-477F-BC42-8B801B836F15",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0B21DF-5104-4EE5-B3C7-BFBB5DB1DC7C",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D98140A2-BA47-4E55-A796-FAC211B35CA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F45960F-8E24-497B-86D3-40816FDAFCAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E81C7358-632C-47AC-A2D2-F3C390CC452A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46CDE701-7989-4CB3-9E32-F802CD9F72B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11AEF3D6-96B0-431F-A664-E8E281CDA61C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70610406-76B7-47E6-A389-622074C72617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "526B5B4E-4482-4CD4-AE7C-120CC08FB74E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DA897E-DEF8-4A49-8EEB-07FBB82061F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1769DB7A-F832-4D89-8ED0-8677F750059D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4E4AA9-CDFF-4742-8680-79711FBE865D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E037EF-75CD-4A27-96BC-7DAF113A7BE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F316894-3BBB-4B72-8636-23868BF557AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A192C830-E846-42FE-9AD2-1AAECDE1FCE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT PRO (Todas las versiones) SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE X204-2FM (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD TS (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2TS (Todas las versiones anteriores a V5.2. 6), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE X206-1LD (Todas las versiones anteriores a V5. 2.6), SCALANCE X208 (Todas las versiones anteriores a V5.2.6), SCALANCE X208PRO (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2 (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X216 (Todas las versiones anteriores a V5. 2.6), SCALANCE X224 (Todas las versiones anteriores a V5.2.6), SCALANCE XF201-3P IRT (Todas las versiones), SCALANCE XF202-2P IRT (Todas las versiones), SCALANCE XF204 (Todas las versiones anteriores a V5.2.6), SCALANCE XF204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE XF204-2BA IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE XF208 (Todas las versiones anteriores a V5.2.6). Los dispositivos afectados no comprueban correctamente el URI de las peticiones HTTP GET entrantes. Esto podr\u00eda permitir a un atacante remoto no autenticado bloquear los dispositivos afectados"
}
],
"id": "CVE-2022-26649",
"lastModified": "2024-11-21T06:54:15.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-12T10:15:10.367",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 10:15
Modified
2024-11-21 06:54
Severity ?
8.2 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7CC15F-1CC5-414E-A243-9C9C35F954CF",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC81E9A8-2FED-4E24-B1D3-85E4E5032FA9",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB41E26-CBC9-4244-9CD3-0EC9D65C5087",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE711C34-E9F1-46C8-B52E-F1833306E968",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB964676-5A88-460D-AFF5-EEFE4EE9D135",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48DBE5A6-DF82-4383-B9D3-4A7334F569D8",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A105670-E8C6-4C69-B4EF-EB4B56DC8D30",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02394BC6-4048-4ADC-9878-E20CBE2D9F78",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55201B05-1A02-4D54-85A0-586D23E10E6D",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C9BA52-59BD-49B2-B932-9A364D9E6365",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83149C2D-F2FD-40A7-B2D0-85528E94DC05",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B82FACB-B526-4EC6-9A29-2B0E1EA09AC4",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C526C0C4-3AFD-4945-B296-2AFA9D52ED6C",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD00B1-8169-49DB-B842-F0C6D70BBCD8",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D8017-DB9B-4396-8ABD-134AE7522577",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB0658D-EB75-4B33-B840-82895017EB81",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0493014-8AEF-477F-BC42-8B801B836F15",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0B21DF-5104-4EE5-B3C7-BFBB5DB1DC7C",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D98140A2-BA47-4E55-A796-FAC211B35CA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F45960F-8E24-497B-86D3-40816FDAFCAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E81C7358-632C-47AC-A2D2-F3C390CC452A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46CDE701-7989-4CB3-9E32-F802CD9F72B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11AEF3D6-96B0-431F-A664-E8E281CDA61C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70610406-76B7-47E6-A389-622074C72617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "526B5B4E-4482-4CD4-AE7C-120CC08FB74E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DA897E-DEF8-4A49-8EEB-07FBB82061F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1769DB7A-F832-4D89-8ED0-8677F750059D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4E4AA9-CDFF-4742-8680-79711FBE865D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E037EF-75CD-4A27-96BC-7DAF113A7BE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F316894-3BBB-4B72-8636-23868BF557AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A192C830-E846-42FE-9AD2-1AAECDE1FCE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT PRO (Todas las versiones) SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE X204-2FM (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD TS (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2TS (Todas las versiones anteriores a V5.2. 6), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE X206-1LD (Todas las versiones anteriores a V5. 2.6), SCALANCE X208 (Todas las versiones anteriores a V5.2.6), SCALANCE X208PRO (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2 (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X216 (Todas las versiones anteriores a V5. 2.6), SCALANCE X224 (Todas las versiones anteriores a V5.2.6), SCALANCE XF201-3P IRT (Todas las versiones), SCALANCE XF202-2P IRT (Todas las versiones), SCALANCE XF204 (Todas las versiones anteriores a V5.2.6), SCALANCE XF204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE XF204-2BA IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE XF208 (Todas las versiones anteriores a V5.2.6). Los dispositivos afectados no comprueban correctamente el par\u00e1metro GET XNo de las peticiones HTTP entrantes. Esto podr\u00eda permitir a un atacante remoto no autenticado bloquear los dispositivos afectados"
}
],
"id": "CVE-2022-26648",
"lastModified": "2024-11-21T06:54:15.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-12T10:15:10.313",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-24 20:55
Modified
2024-11-21 01:54
Severity ?
Summary
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50D308F8-83C2-4404-9C12-7A033006A350",
"versionEndIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:-:pro:*:*:*:*:*",
"matchCriteriaId": "21095E8E-A67B-448C-90B1-6234D931C005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:-:pro:*:*:*:*:*",
"matchCriteriaId": "39CAF419-AB8D-4F79-A5E7-602A77D55E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:-:pro:*:*:*:*:*",
"matchCriteriaId": "BB688C82-7454-4FD0-B484-C400E7FF4898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions \u003c V5.0.0 for CVE-2013-3633 and versions \u003c V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la familia de conmutadores SCALANCE X-200 (incluidas las variantes SIPLUS NET) (Versiones anteriores a la versi\u00f3n V5.0.0 para CVE-2013-3633 y versiones anteriores a la versi\u00f3n V4.5.0 para CVE-2013-3634), conmutador SCALANCE X-200IRT familia (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.1.0). Los privilegios de usuario para la interfaz web solo se aplican en el lado del cliente y no se verifican adecuadamente en el lado del servidor. Por lo tanto, un atacante puede ejecutar comandos con privilegios utilizando una cuenta sin privilegios."
}
],
"id": "CVE-2013-3633",
"lastModified": "2024-11-21T01:54:01.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-24T20:55:01.737",
"references": [
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-22 21:15
Modified
2024-11-21 05:55
Severity ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFA817F-7237-458A-8BCB-95551360E22A",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47627D33-BE10-42EC-AD9A-7E3FE4ECF6E2",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9328F7AC-5842-4525-9B30-7C8617063941",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20883AFA-C61C-40DC-A343-3CDEA9B1B0AC",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "577D1E21-717C-4508-AE91-0BC490C89F85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA284180-566E-45D5-B3B6-4617B89FF4B6",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A15A02F-7C41-4495-AD4E-11201FE5771F",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC31F0E-389B-4925-88DE-726F2F0D2A23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40FCE8E4-B527-4B2D-AC98-C6649EAB4EC0",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF096BA-A6F4-46B3-9B9B-7FCEE7E6A6C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE1A821-8F0A-4B96-AC8A-B219215014B1",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54201E08-15E3-4C93-9A0D-DC376B7C8D88",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75220631-DD7D-4E86-8405-F98340FFE27C",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3032A499-DFD5-4FEA-8AC6-E661781387AB",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A493C49A-8BF9-43E5-98D5-55E5390A36A5",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C9747F-BEC3-486E-B553-3339F8B54C3A",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8D68AC-8F30-4919-ADB3-A6018458602B",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC1450A-92ED-451F-9890-4E18CA974485",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "768320F0-10F5-4B36-AEB6-9DEEA43A30E8",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2C60CF-4089-4993-A2CB-B7FBDAF81D62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B8367C-5EAC-49F4-83B8-C7E3BD373092",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55F50ABF-3E9A-4435-BAA4-7D11A2047D46",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC643617-D0B7-4379-8ADB-2C2BACA4B165",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0189DF6-DA80-49FE-B09F-0C07D892518E",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A73DE9A4-A86D-44BB-828F-F358D0E8102C",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA653B06-6B43-422B-9E51-4B29438841B4",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD13707-1164-415E-9083-7946D151F1FC",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB90745-6B95-43A9-8211-DE32D1000827",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25DDF1EB-80E7-491F-A197-1B220E35CDF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A09FF2D-F369-47B5-AEE4-A862BEDD9851",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D634EE1A-2EB5-46FF-9E38-12DA3CDD3136",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCDC84E-0695-409A-844B-D24024CC33F2",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DB6C03-71BF-4359-834B-384E78910E64",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2560F9B6-D121-4B82-A96F-81A0A4869616",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X201-3P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X201-3P IRT PRO (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X202-2 IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X202-2P IRT (Incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X202-2P IRT PRO (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X204 IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X204 IRT PRO (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X204-2 (Incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2FM (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2LD (Incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2LD TS (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2TS (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X206-1 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X206-1LD (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X208 (Incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X208PRO (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X212-2 (Incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X212-2LD (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X216 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X224 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF201-3P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF202-2P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF204 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF204 IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF204-2 (Incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF204-2BA IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF206-1 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF208 (Todas las versiones anteriores a la versi\u00f3n V5.2.5). Un procesamiento incorrecto de las peticiones POST en el servidor web puede resultar en una escritura fuera de l\u00edmites en la pila. Un atacante puede aprovechar esto para causar una denegaci\u00f3n de servicio en el dispositivo y potencialmente ejecutar c\u00f3digo remotamente"
}
],
"id": "CVE-2021-25668",
"lastModified": "2024-11-21T05:55:15.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-22T21:15:10.110",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-11 10:15
Modified
2024-11-21 07:56
Severity ?
6.7 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default.
This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data
passed over the connection between legitimate clients and the affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22AB35F0-99D8-4E09-B76B-5CEA0F2916D5",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04EC0D48-53B2-42B4-B008-976664B31161",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72870433-6CC1-4574-B8E4-A456A348A6C1",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2177B7B-099A-40E5-BA2F-C7CB4DAA7EEA",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2177B7B-099A-40E5-BA2F-C7CB4DAA7EEA",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799E0913-E071-4136-96F0-27FF40FD7D22",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C17B6E-FE1B-4A56-89C2-6B1060B09139",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D66C306-B0E0-4000-AD3C-80E20E538726",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D66C306-B0E0-4000-AD3C-80E20E538726",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F812AD70-3AEB-4F35-B8B1-C0D76AE1C1D8",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1769DB7A-F832-4D89-8ED0-8677F750059D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6835BD4D-2EE0-4484-A5F1-6B4C472F2C57",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5244AF-43E2-4A2B-AD60-4F54394D636D",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71460FAA-58B5-44BD-8C3F-85919D4ADDEB",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5917B7D6-894F-487D-8CD5-12542CC6693A",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D2E73C-B605-4DD3-AD04-85CF154E95A1",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3504F0-D0F4-4106-824E-A87E46DADC3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions \u003c V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default.\r\n\r\nThis could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over the connection between legitimate clients and the affected device."
}
],
"id": "CVE-2023-29054",
"lastModified": "2024-11-21T07:56:27.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-11T10:15:18.517",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-24 20:55
Modified
2024-11-21 01:54
Severity ?
Summary
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50D308F8-83C2-4404-9C12-7A033006A350",
"versionEndIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:-:pro:*:*:*:*:*",
"matchCriteriaId": "21095E8E-A67B-448C-90B1-6234D931C005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:-:pro:*:*:*:*:*",
"matchCriteriaId": "39CAF419-AB8D-4F79-A5E7-602A77D55E65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:-:pro:*:*:*:*:*",
"matchCriteriaId": "BB688C82-7454-4FD0-B484-C400E7FF4898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions \u003c V5.0.0 for CVE-2013-3633 and versions \u003c V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la familia de conmutadores SCALANCE X-200 (incluidas las variantes SIPLUS NET) (Versiones anteriores a la versi\u00f3n V5.0.0 para CVE-2013-3633 y versiones anteriores a la versi\u00f3n V4.5.0 para CVE-2013-3634), conmutador SCALANCE X-200IRT familia (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.1.0). La implementaci\u00f3n de SNMPv3 no verifica suficientemente las credenciales de usuario. Por lo tanto, un atacante puede ejecutar comandos SNMP sin las credenciales correctas."
}
],
"id": "CVE-2013-3634",
"lastModified": "2024-11-21T01:54:01.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-24T20:55:01.767",
"references": [
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 10:15
Modified
2024-11-21 06:54
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D98140A2-BA47-4E55-A796-FAC211B35CA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F45960F-8E24-497B-86D3-40816FDAFCAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E81C7358-632C-47AC-A2D2-F3C390CC452A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46CDE701-7989-4CB3-9E32-F802CD9F72B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11AEF3D6-96B0-431F-A664-E8E281CDA61C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70610406-76B7-47E6-A389-622074C72617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7CC15F-1CC5-414E-A243-9C9C35F954CF",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC81E9A8-2FED-4E24-B1D3-85E4E5032FA9",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB41E26-CBC9-4244-9CD3-0EC9D65C5087",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE711C34-E9F1-46C8-B52E-F1833306E968",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB964676-5A88-460D-AFF5-EEFE4EE9D135",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "526B5B4E-4482-4CD4-AE7C-120CC08FB74E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DA897E-DEF8-4A49-8EEB-07FBB82061F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1769DB7A-F832-4D89-8ED0-8677F750059D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48DBE5A6-DF82-4383-B9D3-4A7334F569D8",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A105670-E8C6-4C69-B4EF-EB4B56DC8D30",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02394BC6-4048-4ADC-9878-E20CBE2D9F78",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55201B05-1A02-4D54-85A0-586D23E10E6D",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C9BA52-59BD-49B2-B932-9A364D9E6365",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83149C2D-F2FD-40A7-B2D0-85528E94DC05",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B82FACB-B526-4EC6-9A29-2B0E1EA09AC4",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C526C0C4-3AFD-4945-B296-2AFA9D52ED6C",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD00B1-8169-49DB-B842-F0C6D70BBCD8",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4E4AA9-CDFF-4742-8680-79711FBE865D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E037EF-75CD-4A27-96BC-7DAF113A7BE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D8017-DB9B-4396-8ABD-134AE7522577",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB0658D-EB75-4B33-B840-82895017EB81",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F316894-3BBB-4B72-8636-23868BF557AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A192C830-E846-42FE-9AD2-1AAECDE1FCE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0493014-8AEF-477F-BC42-8B801B836F15",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0B21DF-5104-4EE5-B3C7-BFBB5DB1DC7C",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT PRO (Todas las versiones) SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE X204-2FM (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD TS (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2TS (Todas las versiones anteriores a V5.2. 6), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE X206-1LD (Todas las versiones anteriores a V5. 2.6), SCALANCE X208 (Todas las versiones anteriores a V5.2.6), SCALANCE X208PRO (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2 (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X216 (Todas las versiones anteriores a V5. 2.6), SCALANCE X224 (Todas las versiones anteriores a V5.2.6), SCALANCE XF201-3P IRT (Todas las versiones), SCALANCE XF202-2P IRT (Todas las versiones), SCALANCE XF204 (Todas las versiones anteriores a V5.2.6), SCALANCE XF204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE XF204-2BA IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE XF208 (Todas las versiones anteriores a V5.2.6). El servidor web de los dispositivos afectados calcula los identificadores de sesi\u00f3n y los nonces de forma no segura. Esto podr\u00eda permitir a un atacante remoto no autenticado forzar los identificadores de sesi\u00f3n y secuestrar las sesiones existentes"
}
],
"id": "CVE-2022-26647",
"lastModified": "2024-11-21T06:54:15.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-12T10:15:10.257",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-11 11:15
Modified
2024-11-21 07:21
Severity ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9718A3C6-D0FD-4A3B-95B1-8694B2B06060",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA86FF0D-7B16-4991-B4A5-AF33BF40693A",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2326FF-5125-44F5-871C-2DC505E2B299",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "666FACCE-89EB-4E5D-A718-F1D4945F7DF4",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0475BCB9-BD28-454F-8898-C238446AD00B",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29C03AD0-7A60-4BFB-A0D3-BABB9717F1A1",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE1A821-8F0A-4B96-AC8A-B219215014B1",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54201E08-15E3-4C93-9A0D-DC376B7C8D88",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75220631-DD7D-4E86-8405-F98340FFE27C",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3032A499-DFD5-4FEA-8AC6-E661781387AB",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A493C49A-8BF9-43E5-98D5-55E5390A36A5",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C94D093-9D17-47C9-A7F6-28FF241BF874",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0BEFA7-9795-4009-B055-704BF3C97B6B",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1769DB7A-F832-4D89-8ED0-8677F750059D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C9747F-BEC3-486E-B553-3339F8B54C3A",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8D68AC-8F30-4919-ADB3-A6018458602B",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC1450A-92ED-451F-9890-4E18CA974485",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "768320F0-10F5-4B36-AEB6-9DEEA43A30E8",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2C60CF-4089-4993-A2CB-B7FBDAF81D62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B8367C-5EAC-49F4-83B8-C7E3BD373092",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55F50ABF-3E9A-4435-BAA4-7D11A2047D46",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC643617-D0B7-4379-8ADB-2C2BACA4B165",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0189DF6-DA80-49FE-B09F-0C07D892518E",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5557DB0-D3D8-4E53-BBA8-700B2BC336C0",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A7EDE9-B5F9-4471-8C5D-B1D590CB85FB",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD13707-1164-415E-9083-7946D151F1FC",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A09FF2D-F369-47B5-AEE4-A862BEDD9851",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "786738CF-CA6C-4812-BD4D-595E249BFA76",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4824C65E-E41B-4883-AAB5-011904AE463C",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCDC84E-0695-409A-844B-D24024CC33F2",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DB6C03-71BF-4359-834B-384E78910E64",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB92E2D3-8F6D-40F2-9536-8D7DD7FBC9A5",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3504F0-D0F4-4106-824E-A87E46DADC3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.0), SCALANCE X201-3P IRT (All versions \u003c V5.5.0), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.0), SCALANCE X202-2IRT (All versions \u003c V5.5.0), SCALANCE X202-2P IRT (All versions \u003c V5.5.0), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.0), SCALANCE X204-2 (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X204IRT (All versions \u003c V5.5.0), SCALANCE X204IRT PRO (All versions \u003c V5.5.0), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c V5.5.0), SCALANCE XF202-2P IRT (All versions \u003c V5.5.0), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204-2 (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.0), SCALANCE XF204IRT (All versions \u003c V5.5.0), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions \u003c V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X201-3P IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X201-3P IRT PRO (Todas las versiones anteriores a V5. 5.0), SCALANCE X202-2IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X202-2P IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X202-2P IRT PRO (Todas las versiones anteriores a V5.5. 0), SCALANCE X204-2 (Todas las versiones anteriores a V5.2.5), SCALANCE X204-2FM (Todas las versiones anteriores a V5.2.5), SCALANCE X204-2LD (Todas las versiones anteriores a V5.2.5), SCALANCE X204-2LD TS (Todas las versiones anteriores a V5. 2.5), SCALANCE X204-2TS (Todas las versiones anteriores a V5.2.5), SCALANCE X204IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X204IRT PRO (Todas las versiones anteriores a V5.5.0), SCALANCE X206-1 (Todas las versiones anteriores a V5.2. 5), SCALANCE X206-1LD (Todas las versiones anteriores a V5.2.5), SCALANCE X208 (Todas las versiones anteriores a V5.2.5), SCALANCE X208PRO (Todas las versiones anteriores a V5.2.5), SCALANCE X212-2 (Todas las versiones anteriores a V5.2. 5), SCALANCE X212-2LD (Todas las versiones anteriores a V5.2.5), SCALANCE X216 (Todas las versiones anteriores a V5.2.5), SCALANCE X224 (Todas las versiones anteriores a V5.2.5), SCALANCE XF201-3P IRT (Todas las versiones anteriores a V5.5. 0), SCALANCE XF202-2P IRT (Todas las versiones anteriores a V5.5.0), SCALANCE XF204 (Todas las versiones anteriores a V5.2.5), SCALANCE XF204-2 (Todas las versiones anteriores a V5.2.5), SCALANCE XF204-2BA IRT (Todas las versiones anteriores a V5.5. 0), SCALANCE XF204IRT (Todas las versiones anteriores a V5.5.0), SCALANCE XF206-1 (Todas las versiones anteriores a V5.2.5), SCALANCE XF208 (Todas las versiones anteriores a V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (Todas las versiones anteriores a V5.5.0). Se presenta una vulnerabilidad de tipo cross-site scripting en los dispositivos afectados, que si es usada por un actor de amenaza, podr\u00eda resultar en un secuestro de sesi\u00f3n"
}
],
"id": "CVE-2022-40631",
"lastModified": "2024-11-21T07:21:44.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-11T11:15:10.997",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
}
]
}