All the vulnerabilites related to siemens - scalance_x204-2
Vulnerability from fkie_nvd
Published
2021-04-22 21:15
Modified
2024-11-21 05:55
Severity ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFA817F-7237-458A-8BCB-95551360E22A",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47627D33-BE10-42EC-AD9A-7E3FE4ECF6E2",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9328F7AC-5842-4525-9B30-7C8617063941",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20883AFA-C61C-40DC-A343-3CDEA9B1B0AC",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "577D1E21-717C-4508-AE91-0BC490C89F85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA284180-566E-45D5-B3B6-4617B89FF4B6",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A15A02F-7C41-4495-AD4E-11201FE5771F",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC31F0E-389B-4925-88DE-726F2F0D2A23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40FCE8E4-B527-4B2D-AC98-C6649EAB4EC0",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF096BA-A6F4-46B3-9B9B-7FCEE7E6A6C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE1A821-8F0A-4B96-AC8A-B219215014B1",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54201E08-15E3-4C93-9A0D-DC376B7C8D88",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75220631-DD7D-4E86-8405-F98340FFE27C",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3032A499-DFD5-4FEA-8AC6-E661781387AB",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A493C49A-8BF9-43E5-98D5-55E5390A36A5",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C9747F-BEC3-486E-B553-3339F8B54C3A",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8D68AC-8F30-4919-ADB3-A6018458602B",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC1450A-92ED-451F-9890-4E18CA974485",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "768320F0-10F5-4B36-AEB6-9DEEA43A30E8",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2C60CF-4089-4993-A2CB-B7FBDAF81D62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B8367C-5EAC-49F4-83B8-C7E3BD373092",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55F50ABF-3E9A-4435-BAA4-7D11A2047D46",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC643617-D0B7-4379-8ADB-2C2BACA4B165",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0189DF6-DA80-49FE-B09F-0C07D892518E",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A73DE9A4-A86D-44BB-828F-F358D0E8102C",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA653B06-6B43-422B-9E51-4B29438841B4",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD13707-1164-415E-9083-7946D151F1FC",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB90745-6B95-43A9-8211-DE32D1000827",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25DDF1EB-80E7-491F-A197-1B220E35CDF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A09FF2D-F369-47B5-AEE4-A862BEDD9851",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D634EE1A-2EB5-46FF-9E38-12DA3CDD3136",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCDC84E-0695-409A-844B-D24024CC33F2",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DB6C03-71BF-4359-834B-384E78910E64",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2560F9B6-D121-4B82-A96F-81A0A4869616",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X201-3P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X201-3P IRT PRO (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X202-2 IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X202-2P IRT (Incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X202-2P IRT PRO (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X204 IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X204 IRT PRO (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X204-2 (Incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2FM (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2LD (Incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2LD TS (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2TS (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X206-1 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X206-1LD (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X208 (Incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X208PRO (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X212-2 (Incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X212-2LD (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X216 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X224 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF201-3P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF202-2P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF204 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF204 IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF204-2 (Incluyendo las variantes SIPLUS) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF204-2BA IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF206-1 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF208 (Todas las versiones anteriores a la versi\u00f3n V5.2.5). Un procesamiento incorrecto de las peticiones POST en el servidor web puede resultar en una escritura fuera de l\u00edmites en la pila. Un atacante puede aprovechar esto para causar una denegaci\u00f3n de servicio en el dispositivo y potencialmente ejecutar c\u00f3digo remotamente"
}
],
"id": "CVE-2021-25668",
"lastModified": "2024-11-21T05:55:15.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-22T21:15:10.110",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-13 17:15
Modified
2024-11-21 06:02
Severity ?
Summary
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf | Third Party Advisory | |
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf | Third Party Advisory | |
| cve@mitre.org | https://support2.windriver.com/index.php?page=security-notices | Vendor Advisory | |
| cve@mitre.org | https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support2.windriver.com/index.php?page=security-notices | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03B0DF42-7A4C-4D11-845C-43FDD54C3E18",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_win_subscriber_station_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "789B059C-4E07-44A3-A69F-A77FEC3ED3D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_win_subscriber_station:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8442F026-8F07-40C1-8845-460FE87DD16E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4_p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5402555C-7F00-4CB2-8EB7-8CC678170C58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4_p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73E42E20-18CB-40A7-B6D5-751F26303995",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F45960F-8E24-497B-86D3-40816FDAFCAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E81C7358-632C-47AC-A2D2-F3C390CC452A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68AB0A4C-7867-4C50-A500-9D7F00219B5C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "577D1E21-717C-4508-AE91-0BC490C89F85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11AEF3D6-96B0-431F-A664-E8E281CDA61C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70610406-76B7-47E6-A389-622074C72617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "538627CD-9730-4F63-83A8-CA9C447E4766",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC31F0E-389B-4925-88DE-726F2F0D2A23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "034BA07A-82E8-49BC-A392-55D617BB52D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF096BA-A6F4-46B3-9B9B-7FCEE7E6A6C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3DA812-8E86-4C23-B92D-3655575B2676",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E170F607-8B16-4F54-81E5-97F0D02D1EB7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA642A1-6054-48FB-A6B8-8E0859B377D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF1A11A6-1ECD-4F41-9175-90E78D097B5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56885E0C-CF3A-4DBC-87D1-113A2578C641",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72B90335-C0B4-4AB8-89ED-C7DE860871CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC23F70-522C-4963-87C7-9F28D3D2C1E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "697984F9-8A95-42A4-BCA9-D181D849299E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF06E74-9DD6-42BF-85FB-CB6A50D25063",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C9BA52-59BD-49B2-B932-9A364D9E6365",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2620D247-4608-44CF-90B2-1097D98EB067",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B0864B-8696-42B9-A409-958D879294D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D73D50F-6BC0-47A3-BBCE-51AC3E42E6D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39963CE4-018F-4229-90BF-F647F4E264AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E2C599-41E1-473A-8E05-011C5DE120D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F6299B-D7E3-4750-B016-7DCBC83C2287",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "161EF365-C693-4FFE-97DF-DE96B84B98A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47F713E4-4B75-476E-BC21-92CA10198AE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4E4AA9-CDFF-4742-8680-79711FBE865D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E037EF-75CD-4A27-96BC-7DAF113A7BE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89727F5E-2482-4C47-BAF7-91735B098790",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57808C94-3438-4DA9-9995-6CE2FCA06D59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25DDF1EB-80E7-491F-A197-1B220E35CDF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0D5718-455A-4FE1-B2D4-14CD1A3C4096",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F316894-3BBB-4B72-8636-23868BF557AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7CC146-F73F-4635-A356-DE0CA8D8DE59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5446CA2B-054C-4804-BBDD-685A8F802FF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf_181_eip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B750B38E-EB65-4812-B9AA-33CA3F887B80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf_181_eip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69DC3D78-6E5C-4623-A416-D135DC978D57",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf_182c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7DFC5CB-F4DF-489E-B438-7FD5E4061DF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf_182c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0074582F-B557-462A-9A77-13EAE9F8654F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_perfect_harmony_gh180_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E22ACA9-EBF1-43D0-ADC2-DA9A965CEDB8",
"versionEndExcluding": "2022",
"versionStartIncluding": "2015",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_perfect_harmony_gh180:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C86C1E-8320-4C73-80C9-E4257E7A7D31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Wind River VxWorks versiones anteriores a 6.5.\u0026#xa0;Se presenta un posible desbordamiento de la pila en el cliente dhcp"
}
],
"id": "CVE-2021-29998",
"lastModified": "2024-11-21T06:02:08.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-13T17:15:12.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-22 21:15
Modified
2024-11-21 05:55
Severity ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFA817F-7237-458A-8BCB-95551360E22A",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47627D33-BE10-42EC-AD9A-7E3FE4ECF6E2",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9328F7AC-5842-4525-9B30-7C8617063941",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20883AFA-C61C-40DC-A343-3CDEA9B1B0AC",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "577D1E21-717C-4508-AE91-0BC490C89F85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA284180-566E-45D5-B3B6-4617B89FF4B6",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A15A02F-7C41-4495-AD4E-11201FE5771F",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC31F0E-389B-4925-88DE-726F2F0D2A23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40FCE8E4-B527-4B2D-AC98-C6649EAB4EC0",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF096BA-A6F4-46B3-9B9B-7FCEE7E6A6C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE1A821-8F0A-4B96-AC8A-B219215014B1",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54201E08-15E3-4C93-9A0D-DC376B7C8D88",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75220631-DD7D-4E86-8405-F98340FFE27C",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3032A499-DFD5-4FEA-8AC6-E661781387AB",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A493C49A-8BF9-43E5-98D5-55E5390A36A5",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C9747F-BEC3-486E-B553-3339F8B54C3A",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8D68AC-8F30-4919-ADB3-A6018458602B",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC1450A-92ED-451F-9890-4E18CA974485",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "768320F0-10F5-4B36-AEB6-9DEEA43A30E8",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2C60CF-4089-4993-A2CB-B7FBDAF81D62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B8367C-5EAC-49F4-83B8-C7E3BD373092",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55F50ABF-3E9A-4435-BAA4-7D11A2047D46",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC643617-D0B7-4379-8ADB-2C2BACA4B165",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0189DF6-DA80-49FE-B09F-0C07D892518E",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A73DE9A4-A86D-44BB-828F-F358D0E8102C",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA653B06-6B43-422B-9E51-4B29438841B4",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD13707-1164-415E-9083-7946D151F1FC",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB90745-6B95-43A9-8211-DE32D1000827",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25DDF1EB-80E7-491F-A197-1B220E35CDF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A09FF2D-F369-47B5-AEE4-A862BEDD9851",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D634EE1A-2EB5-46FF-9E38-12DA3CDD3136",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCDC84E-0695-409A-844B-D24024CC33F2",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DB6C03-71BF-4359-834B-384E78910E64",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2560F9B6-D121-4B82-A96F-81A0A4869616",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X201-3P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X201-3P IRT PRO (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X202-2 IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X202-2P IRT (Incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X202-2P IRT PRO (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X204 IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X204 IRT PRO (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE X204-2 (Incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2FM (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2LD (Incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2LD TS (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X204-2TS (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X206-1 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X206-1LD (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X208 (Incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X208PRO (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X212-2 (Incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X212-2LD (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X216 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE X224 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF201-3P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF202-2P IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF204 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF204 IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF204-2 (Incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF204-2BA IRT (Todas las versiones anteriores a la versi\u00f3n 5.5.1), SCALANCE XF206-1 (Todas las versiones anteriores a la versi\u00f3n V5.2.5), SCALANCE XF208 (Todas las versiones anteriores a la versi\u00f3n V5.2.5). El procesamiento inapropiado de las peticiones POST en el servidor web puede escribir fuera de l\u00edmites en la pila.\u0026#xa0;Un atacante podr\u00eda aprovechar esto para una Denegaci\u00f3n de Servicio del dispositivo o una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-25669",
"lastModified": "2024-11-21T05:55:15.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-22T21:15:10.143",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-11 11:15
Modified
2024-11-21 07:21
Severity ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9718A3C6-D0FD-4A3B-95B1-8694B2B06060",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA86FF0D-7B16-4991-B4A5-AF33BF40693A",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2326FF-5125-44F5-871C-2DC505E2B299",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "666FACCE-89EB-4E5D-A718-F1D4945F7DF4",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0475BCB9-BD28-454F-8898-C238446AD00B",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29C03AD0-7A60-4BFB-A0D3-BABB9717F1A1",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE1A821-8F0A-4B96-AC8A-B219215014B1",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54201E08-15E3-4C93-9A0D-DC376B7C8D88",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75220631-DD7D-4E86-8405-F98340FFE27C",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3032A499-DFD5-4FEA-8AC6-E661781387AB",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A493C49A-8BF9-43E5-98D5-55E5390A36A5",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C94D093-9D17-47C9-A7F6-28FF241BF874",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0BEFA7-9795-4009-B055-704BF3C97B6B",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1769DB7A-F832-4D89-8ED0-8677F750059D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C9747F-BEC3-486E-B553-3339F8B54C3A",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8D68AC-8F30-4919-ADB3-A6018458602B",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC1450A-92ED-451F-9890-4E18CA974485",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "768320F0-10F5-4B36-AEB6-9DEEA43A30E8",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2C60CF-4089-4993-A2CB-B7FBDAF81D62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B8367C-5EAC-49F4-83B8-C7E3BD373092",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55F50ABF-3E9A-4435-BAA4-7D11A2047D46",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC643617-D0B7-4379-8ADB-2C2BACA4B165",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0189DF6-DA80-49FE-B09F-0C07D892518E",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5557DB0-D3D8-4E53-BBA8-700B2BC336C0",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A7EDE9-B5F9-4471-8C5D-B1D590CB85FB",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD13707-1164-415E-9083-7946D151F1FC",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A09FF2D-F369-47B5-AEE4-A862BEDD9851",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "786738CF-CA6C-4812-BD4D-595E249BFA76",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4824C65E-E41B-4883-AAB5-011904AE463C",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCDC84E-0695-409A-844B-D24024CC33F2",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DB6C03-71BF-4359-834B-384E78910E64",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB92E2D3-8F6D-40F2-9536-8D7DD7FBC9A5",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3504F0-D0F4-4106-824E-A87E46DADC3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.0), SCALANCE X201-3P IRT (All versions \u003c V5.5.0), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.0), SCALANCE X202-2IRT (All versions \u003c V5.5.0), SCALANCE X202-2P IRT (All versions \u003c V5.5.0), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.0), SCALANCE X204-2 (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X204IRT (All versions \u003c V5.5.0), SCALANCE X204IRT PRO (All versions \u003c V5.5.0), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c V5.5.0), SCALANCE XF202-2P IRT (All versions \u003c V5.5.0), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204-2 (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.0), SCALANCE XF204IRT (All versions \u003c V5.5.0), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions \u003c V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X201-3P IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X201-3P IRT PRO (Todas las versiones anteriores a V5. 5.0), SCALANCE X202-2IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X202-2P IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X202-2P IRT PRO (Todas las versiones anteriores a V5.5. 0), SCALANCE X204-2 (Todas las versiones anteriores a V5.2.5), SCALANCE X204-2FM (Todas las versiones anteriores a V5.2.5), SCALANCE X204-2LD (Todas las versiones anteriores a V5.2.5), SCALANCE X204-2LD TS (Todas las versiones anteriores a V5. 2.5), SCALANCE X204-2TS (Todas las versiones anteriores a V5.2.5), SCALANCE X204IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X204IRT PRO (Todas las versiones anteriores a V5.5.0), SCALANCE X206-1 (Todas las versiones anteriores a V5.2. 5), SCALANCE X206-1LD (Todas las versiones anteriores a V5.2.5), SCALANCE X208 (Todas las versiones anteriores a V5.2.5), SCALANCE X208PRO (Todas las versiones anteriores a V5.2.5), SCALANCE X212-2 (Todas las versiones anteriores a V5.2. 5), SCALANCE X212-2LD (Todas las versiones anteriores a V5.2.5), SCALANCE X216 (Todas las versiones anteriores a V5.2.5), SCALANCE X224 (Todas las versiones anteriores a V5.2.5), SCALANCE XF201-3P IRT (Todas las versiones anteriores a V5.5. 0), SCALANCE XF202-2P IRT (Todas las versiones anteriores a V5.5.0), SCALANCE XF204 (Todas las versiones anteriores a V5.2.5), SCALANCE XF204-2 (Todas las versiones anteriores a V5.2.5), SCALANCE XF204-2BA IRT (Todas las versiones anteriores a V5.5. 0), SCALANCE XF204IRT (Todas las versiones anteriores a V5.5.0), SCALANCE XF206-1 (Todas las versiones anteriores a V5.2.5), SCALANCE XF208 (Todas las versiones anteriores a V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (Todas las versiones anteriores a V5.5.0). Se presenta una vulnerabilidad de tipo cross-site scripting en los dispositivos afectados, que si es usada por un actor de amenaza, podr\u00eda resultar en un secuestro de sesi\u00f3n"
}
],
"id": "CVE-2022-40631",
"lastModified": "2024-11-21T07:21:44.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-11T11:15:10.997",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 10:15
Modified
2024-11-21 06:54
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D98140A2-BA47-4E55-A796-FAC211B35CA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F45960F-8E24-497B-86D3-40816FDAFCAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E81C7358-632C-47AC-A2D2-F3C390CC452A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46CDE701-7989-4CB3-9E32-F802CD9F72B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11AEF3D6-96B0-431F-A664-E8E281CDA61C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70610406-76B7-47E6-A389-622074C72617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7CC15F-1CC5-414E-A243-9C9C35F954CF",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC81E9A8-2FED-4E24-B1D3-85E4E5032FA9",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB41E26-CBC9-4244-9CD3-0EC9D65C5087",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE711C34-E9F1-46C8-B52E-F1833306E968",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB964676-5A88-460D-AFF5-EEFE4EE9D135",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "526B5B4E-4482-4CD4-AE7C-120CC08FB74E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DA897E-DEF8-4A49-8EEB-07FBB82061F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1769DB7A-F832-4D89-8ED0-8677F750059D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48DBE5A6-DF82-4383-B9D3-4A7334F569D8",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A105670-E8C6-4C69-B4EF-EB4B56DC8D30",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02394BC6-4048-4ADC-9878-E20CBE2D9F78",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55201B05-1A02-4D54-85A0-586D23E10E6D",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C9BA52-59BD-49B2-B932-9A364D9E6365",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83149C2D-F2FD-40A7-B2D0-85528E94DC05",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B82FACB-B526-4EC6-9A29-2B0E1EA09AC4",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C526C0C4-3AFD-4945-B296-2AFA9D52ED6C",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD00B1-8169-49DB-B842-F0C6D70BBCD8",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4E4AA9-CDFF-4742-8680-79711FBE865D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E037EF-75CD-4A27-96BC-7DAF113A7BE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D8017-DB9B-4396-8ABD-134AE7522577",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB0658D-EB75-4B33-B840-82895017EB81",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F316894-3BBB-4B72-8636-23868BF557AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A192C830-E846-42FE-9AD2-1AAECDE1FCE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0493014-8AEF-477F-BC42-8B801B836F15",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0B21DF-5104-4EE5-B3C7-BFBB5DB1DC7C",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT PRO (Todas las versiones) SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE X204-2FM (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD TS (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2TS (Todas las versiones anteriores a V5.2. 6), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE X206-1LD (Todas las versiones anteriores a V5. 2.6), SCALANCE X208 (Todas las versiones anteriores a V5.2.6), SCALANCE X208PRO (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2 (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X216 (Todas las versiones anteriores a V5. 2.6), SCALANCE X224 (Todas las versiones anteriores a V5.2.6), SCALANCE XF201-3P IRT (Todas las versiones), SCALANCE XF202-2P IRT (Todas las versiones), SCALANCE XF204 (Todas las versiones anteriores a V5.2.6), SCALANCE XF204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE XF204-2BA IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE XF208 (Todas las versiones anteriores a V5.2.6). El servidor web de los dispositivos afectados calcula los identificadores de sesi\u00f3n y los nonces de forma no segura. Esto podr\u00eda permitir a un atacante remoto no autenticado forzar los identificadores de sesi\u00f3n y secuestrar las sesiones existentes"
}
],
"id": "CVE-2022-26647",
"lastModified": "2024-11-21T06:54:15.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-12T10:15:10.257",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 10:15
Modified
2024-11-21 06:54
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7CC15F-1CC5-414E-A243-9C9C35F954CF",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC81E9A8-2FED-4E24-B1D3-85E4E5032FA9",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB41E26-CBC9-4244-9CD3-0EC9D65C5087",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE711C34-E9F1-46C8-B52E-F1833306E968",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB964676-5A88-460D-AFF5-EEFE4EE9D135",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48DBE5A6-DF82-4383-B9D3-4A7334F569D8",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A105670-E8C6-4C69-B4EF-EB4B56DC8D30",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02394BC6-4048-4ADC-9878-E20CBE2D9F78",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55201B05-1A02-4D54-85A0-586D23E10E6D",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C9BA52-59BD-49B2-B932-9A364D9E6365",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83149C2D-F2FD-40A7-B2D0-85528E94DC05",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B82FACB-B526-4EC6-9A29-2B0E1EA09AC4",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C526C0C4-3AFD-4945-B296-2AFA9D52ED6C",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD00B1-8169-49DB-B842-F0C6D70BBCD8",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D8017-DB9B-4396-8ABD-134AE7522577",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB0658D-EB75-4B33-B840-82895017EB81",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0493014-8AEF-477F-BC42-8B801B836F15",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0B21DF-5104-4EE5-B3C7-BFBB5DB1DC7C",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D98140A2-BA47-4E55-A796-FAC211B35CA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F45960F-8E24-497B-86D3-40816FDAFCAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E81C7358-632C-47AC-A2D2-F3C390CC452A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46CDE701-7989-4CB3-9E32-F802CD9F72B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11AEF3D6-96B0-431F-A664-E8E281CDA61C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70610406-76B7-47E6-A389-622074C72617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "526B5B4E-4482-4CD4-AE7C-120CC08FB74E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DA897E-DEF8-4A49-8EEB-07FBB82061F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1769DB7A-F832-4D89-8ED0-8677F750059D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4E4AA9-CDFF-4742-8680-79711FBE865D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E037EF-75CD-4A27-96BC-7DAF113A7BE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F316894-3BBB-4B72-8636-23868BF557AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A192C830-E846-42FE-9AD2-1AAECDE1FCE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT PRO (Todas las versiones) SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE X204-2FM (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD TS (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2TS (Todas las versiones anteriores a V5.2. 6), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE X206-1LD (Todas las versiones anteriores a V5. 2.6), SCALANCE X208 (Todas las versiones anteriores a V5.2.6), SCALANCE X208PRO (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2 (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X216 (Todas las versiones anteriores a V5. 2.6), SCALANCE X224 (Todas las versiones anteriores a V5.2.6), SCALANCE XF201-3P IRT (Todas las versiones), SCALANCE XF202-2P IRT (Todas las versiones), SCALANCE XF204 (Todas las versiones anteriores a V5.2.6), SCALANCE XF204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE XF204-2BA IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE XF208 (Todas las versiones anteriores a V5.2.6). Los dispositivos afectados no comprueban correctamente el URI de las peticiones HTTP GET entrantes. Esto podr\u00eda permitir a un atacante remoto no autenticado bloquear los dispositivos afectados"
}
],
"id": "CVE-2022-26649",
"lastModified": "2024-11-21T06:54:15.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-12T10:15:10.367",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 10:15
Modified
2024-11-21 06:54
Severity ?
8.2 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7CC15F-1CC5-414E-A243-9C9C35F954CF",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC81E9A8-2FED-4E24-B1D3-85E4E5032FA9",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB41E26-CBC9-4244-9CD3-0EC9D65C5087",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE27611-53E7-4162-8630-5BC334B02E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE711C34-E9F1-46C8-B52E-F1833306E968",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB964676-5A88-460D-AFF5-EEFE4EE9D135",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48DBE5A6-DF82-4383-B9D3-4A7334F569D8",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A105670-E8C6-4C69-B4EF-EB4B56DC8D30",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFF7FB7-774B-45ED-8400-951230DF0511",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02394BC6-4048-4ADC-9878-E20CBE2D9F78",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x208_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55201B05-1A02-4D54-85A0-586D23E10E6D",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x208_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C9BA52-59BD-49B2-B932-9A364D9E6365",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83149C2D-F2FD-40A7-B2D0-85528E94DC05",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B82FACB-B526-4EC6-9A29-2B0E1EA09AC4",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08CDEE3-43EB-475E-8571-6E12824714FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C526C0C4-3AFD-4945-B296-2AFA9D52ED6C",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD00B1-8169-49DB-B842-F0C6D70BBCD8",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D8017-DB9B-4396-8ABD-134AE7522577",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB0658D-EB75-4B33-B840-82895017EB81",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0493014-8AEF-477F-BC42-8B801B836F15",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0B21DF-5104-4EE5-B3C7-BFBB5DB1DC7C",
"versionEndExcluding": "5.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D98140A2-BA47-4E55-A796-FAC211B35CA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F45960F-8E24-497B-86D3-40816FDAFCAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E81C7358-632C-47AC-A2D2-F3C390CC452A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46CDE701-7989-4CB3-9E32-F802CD9F72B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11AEF3D6-96B0-431F-A664-E8E281CDA61C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70610406-76B7-47E6-A389-622074C72617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4726901-34BF-4F70-80A6-71648A4A29FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "526B5B4E-4482-4CD4-AE7C-120CC08FB74E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DA897E-DEF8-4A49-8EEB-07FBB82061F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1769DB7A-F832-4D89-8ED0-8677F750059D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4E4AA9-CDFF-4742-8680-79711FBE865D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E037EF-75CD-4A27-96BC-7DAF113A7BE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F316894-3BBB-4B72-8636-23868BF557AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A192C830-E846-42FE-9AD2-1AAECDE1FCE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT PRO (Todas las versiones) SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE X204-2FM (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD TS (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2TS (Todas las versiones anteriores a V5.2. 6), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE X206-1LD (Todas las versiones anteriores a V5. 2.6), SCALANCE X208 (Todas las versiones anteriores a V5.2.6), SCALANCE X208PRO (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2 (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X216 (Todas las versiones anteriores a V5. 2.6), SCALANCE X224 (Todas las versiones anteriores a V5.2.6), SCALANCE XF201-3P IRT (Todas las versiones), SCALANCE XF202-2P IRT (Todas las versiones), SCALANCE XF204 (Todas las versiones anteriores a V5.2.6), SCALANCE XF204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE XF204-2BA IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE XF208 (Todas las versiones anteriores a V5.2.6). Los dispositivos afectados no comprueban correctamente el par\u00e1metro GET XNo de las peticiones HTTP entrantes. Esto podr\u00eda permitir a un atacante remoto no autenticado bloquear los dispositivos afectados"
}
],
"id": "CVE-2022-26648",
"lastModified": "2024-11-21T06:54:15.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-12T10:15:10.313",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
cve-2022-26649
Vulnerability from cvelistv5
Published
2022-07-12 10:06
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < V5.5.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T09:02:21.918Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-26649",
"datePublished": "2022-07-12T10:06:35",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-03T05:11:43.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40631
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < V5.5.0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SIPLUS NET SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.0), SCALANCE X201-3P IRT (All versions \u003c V5.5.0), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.0), SCALANCE X202-2IRT (All versions \u003c V5.5.0), SCALANCE X202-2P IRT (All versions \u003c V5.5.0), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.0), SCALANCE X204-2 (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X204IRT (All versions \u003c V5.5.0), SCALANCE X204IRT PRO (All versions \u003c V5.5.0), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c V5.5.0), SCALANCE XF202-2P IRT (All versions \u003c V5.5.0), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204-2 (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.0), SCALANCE XF204IRT (All versions \u003c V5.5.0), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions \u003c V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-11T00:00:00",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-40631",
"datePublished": "2022-10-11T00:00:00",
"dateReserved": "2022-09-13T00:00:00",
"dateUpdated": "2024-08-03T12:21:46.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26648
Vulnerability from cvelistv5
Published
2022-07-12 10:06
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < V5.5.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T09:02:20.560Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-26648",
"datePublished": "2022-07-12T10:06:34",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-03T05:11:43.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26647
Vulnerability from cvelistv5
Published
2022-07-12 10:06
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < V5.5.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T09:02:19.204Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-26647",
"datePublished": "2022-07-12T10:06:32",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-03T05:11:43.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25669
Vulnerability from cvelistv5
Published
2021-04-22 20:42
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < 5.5.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X202-2 IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X204 IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X204 IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X208 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X212-2 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF204 IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T10:47:24",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X200-4P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2 IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2FM",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X206-1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X206-1LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X208 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X208PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X212-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X212-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X216",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X224",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF202-2P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF204 IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF206-1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF208",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25669",
"datePublished": "2021-04-22T20:42:20",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-29998
Vulnerability from cvelistv5
Published
2021-04-13 16:16
Modified
2024-08-03 22:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support2.windriver.com/index.php?page=security-notices | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12 | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T10:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support2.windriver.com/index.php?page=security-notices",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29998",
"datePublished": "2021-04-13T16:16:51",
"dateReserved": "2021-04-02T00:00:00",
"dateUpdated": "2024-08-03T22:24:59.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25668
Vulnerability from cvelistv5
Published
2021-04-22 20:42
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X200-4P IRT |
Version: All versions < 5.5.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X202-2 IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X204 IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X204 IRT PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X208 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X212-2 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF204 IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.5.1"
}
]
},
{
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T10:47:23",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X200-4P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2 IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2FM",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X204-2TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X206-1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X206-1LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X208 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X208PRO",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X212-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X212-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X216",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X224",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF202-2P IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF204 IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA IRT",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF206-1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE XF208",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25668",
"datePublished": "2021-04-22T20:42:20",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}