All the vulnerabilites related to siemens - scalance_x408-2
Vulnerability from fkie_nvd
Published
2022-04-12 09:15
Modified
2024-11-21 06:52
Severity ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x302-7eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB6F150-2662-44AE-8DC1-0B0A426E8352",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x302-7eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E97B3B-1808-45D2-97B7-CF31CA6E7A60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x304-2fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F4071F-1AE2-4FAD-A8CB-1619552101A3",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x304-2fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0087A1C6-AA76-4FD6-BAA1-D3190D2A0116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x306-1ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B78CFDF-1B15-4A4B-99D4-8CC5E1867BD1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x306-1ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "880CF41B-B25D-4744-8E8B-C4B131932B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-2eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB1094D-3F8A-4331-ABB9-46B73F7E008F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-2eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "804EE08B-75A1-4CF6-9C30-8CF0CDC39658",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE21803A-A5CA-482A-ABD2-C9A547831BF6",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EF0738-C9EF-4E4B-A7E7-ECC1B5F0678A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBFBB10-35E0-46BB-A937-E9A933C4D5BC",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7737F0C2-43FC-4330-88F2-9B08BA5B35D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91F6DD-A74C-4310-88AB-63A39D0208BE",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCED3E4-38EF-4645-B25C-4F2C3D4E091C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5513D8-59DD-4EE1-B2E8-F800D1DA7BC5",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1909FA-C8C6-46BE-83C6-2635D36FE69B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A11DE626-D744-49A7-93C4-FE2C2AF5245F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDBD94D-5312-4A54-AF76-D9DF791C0292",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC259CD1-5C79-4491-B375-7A69116F2747",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85153EED-C677-495D-A6BB-72365DE1ED3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79918934-7B0B-4032-972E-2347CD33029D",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC54911E-C432-48FA-9551-9644422FFE14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_poe_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00FBD442-84AA-48F3-8AD1-5767FFB2FC3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E22C57C-2BD6-4C39-93D2-5D81A58EA6F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72D4503-5AAE-4C6F-BAE9-FA51701191B1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCB68C-A58D-4543-A11F-721B01FFBBA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2333C8-E9C7-43D8-9EAA-A88ECAAB4236",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE3716E-1C0A-4B72-809A-8318E5853FB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EECD381-262F-4C47-90E1-7B44092C74BD",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB34E83-83A3-45C3-B040-D8910971D439",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36C40232-5696-44CC-B38F-5331A745C760",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC54880F-CBF4-4772-A4FB-B07D97287D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1-2ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1969E4-CFD6-4AC7-956E-374967F5C406",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1-2ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D400F5-AD80-4536-A99D-793E1560757B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACB931D-C484-42F4-9912-24B44FE97017",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C632B90-EB11-4A4C-8128-DABBE044B9AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EFA152-D29B-4116-A3D2-ACF7A025E053",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F952542-6B79-4681-A236-15C188AAEB1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "935CD21D-0471-4D1F-AF81-B1F996A9EFAB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "664D9C76-BC13-4874-939C-A8211DA33903",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C0F1FB-8B5E-448C-A304-FDDCB3DFCDD4",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834A67B-7B0B-4F88-BBFB-25667FD68EC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0E1F54-D9EA-4AFB-80EF-0A585EC3C641",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C9AE74-4683-4ED0-A605-3A6B065C230E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC03DF92-C7A1-4232-AFDF-04B2B50666DB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4356417E-B4CB-45B0-B395-CE9D423FAB44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25103533-B9BC-4553-B195-AF5CACAB713B",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C48C944-324B-4390-B9D1-3D0FC3DD5BFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3 SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte frontal), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. El servidor web integrado del dispositivo afectado podr\u00eda permitir a atacantes remotos llevar a cabo acciones con los permisos de un usuario v\u00edctima, siempre que \u00e9ste tenga una sesi\u00f3n activa y sea inducido a lanzar la petici\u00f3n maliciosa"
}
],
"id": "CVE-2022-25754",
"lastModified": "2024-11-21T06:52:56.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T09:15:14.747",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-12 09:15
Modified
2024-11-21 06:52
Severity ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x302-7eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB6F150-2662-44AE-8DC1-0B0A426E8352",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x302-7eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E97B3B-1808-45D2-97B7-CF31CA6E7A60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x304-2fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F4071F-1AE2-4FAD-A8CB-1619552101A3",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x304-2fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0087A1C6-AA76-4FD6-BAA1-D3190D2A0116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x306-1ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B78CFDF-1B15-4A4B-99D4-8CC5E1867BD1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x306-1ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "880CF41B-B25D-4744-8E8B-C4B131932B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-2eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB1094D-3F8A-4331-ABB9-46B73F7E008F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-2eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "804EE08B-75A1-4CF6-9C30-8CF0CDC39658",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE21803A-A5CA-482A-ABD2-C9A547831BF6",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EF0738-C9EF-4E4B-A7E7-ECC1B5F0678A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBFBB10-35E0-46BB-A937-E9A933C4D5BC",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7737F0C2-43FC-4330-88F2-9B08BA5B35D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91F6DD-A74C-4310-88AB-63A39D0208BE",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCED3E4-38EF-4645-B25C-4F2C3D4E091C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5513D8-59DD-4EE1-B2E8-F800D1DA7BC5",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1909FA-C8C6-46BE-83C6-2635D36FE69B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A11DE626-D744-49A7-93C4-FE2C2AF5245F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDBD94D-5312-4A54-AF76-D9DF791C0292",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC259CD1-5C79-4491-B375-7A69116F2747",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85153EED-C677-495D-A6BB-72365DE1ED3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79918934-7B0B-4032-972E-2347CD33029D",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC54911E-C432-48FA-9551-9644422FFE14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_poe_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00FBD442-84AA-48F3-8AD1-5767FFB2FC3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E22C57C-2BD6-4C39-93D2-5D81A58EA6F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72D4503-5AAE-4C6F-BAE9-FA51701191B1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCB68C-A58D-4543-A11F-721B01FFBBA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2333C8-E9C7-43D8-9EAA-A88ECAAB4236",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE3716E-1C0A-4B72-809A-8318E5853FB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EECD381-262F-4C47-90E1-7B44092C74BD",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB34E83-83A3-45C3-B040-D8910971D439",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36C40232-5696-44CC-B38F-5331A745C760",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC54880F-CBF4-4772-A4FB-B07D97287D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1-2ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1969E4-CFD6-4AC7-956E-374967F5C406",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1-2ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D400F5-AD80-4536-A99D-793E1560757B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACB931D-C484-42F4-9912-24B44FE97017",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C632B90-EB11-4A4C-8128-DABBE044B9AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EFA152-D29B-4116-A3D2-ACF7A025E053",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F952542-6B79-4681-A236-15C188AAEB1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "935CD21D-0471-4D1F-AF81-B1F996A9EFAB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "664D9C76-BC13-4874-939C-A8211DA33903",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C0F1FB-8B5E-448C-A304-FDDCB3DFCDD4",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834A67B-7B0B-4F88-BBFB-25667FD68EC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0E1F54-D9EA-4AFB-80EF-0A585EC3C641",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C9AE74-4683-4ED0-A605-3A6B065C230E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC03DF92-C7A1-4232-AFDF-04B2B50666DB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4356417E-B4CB-45B0-B395-CE9D423FAB44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25103533-B9BC-4553-B195-AF5CACAB713B",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C48C944-324B-4390-B9D1-3D0FC3DD5BFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3 SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte frontal), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. Un manejo de argumentos como las direcciones IP en la CLI de los dispositivos afectados es propenso a desbordamientos de b\u00fafer. Esto podr\u00eda permitir a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario en el dispositivo"
}
],
"id": "CVE-2022-25753",
"lastModified": "2024-11-21T06:52:56.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T09:15:14.700",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-12 09:15
Modified
2024-11-21 06:52
Severity ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x302-7eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB6F150-2662-44AE-8DC1-0B0A426E8352",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x302-7eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E97B3B-1808-45D2-97B7-CF31CA6E7A60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x304-2fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F4071F-1AE2-4FAD-A8CB-1619552101A3",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x304-2fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0087A1C6-AA76-4FD6-BAA1-D3190D2A0116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x306-1ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B78CFDF-1B15-4A4B-99D4-8CC5E1867BD1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x306-1ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "880CF41B-B25D-4744-8E8B-C4B131932B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-2eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB1094D-3F8A-4331-ABB9-46B73F7E008F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-2eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "804EE08B-75A1-4CF6-9C30-8CF0CDC39658",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE21803A-A5CA-482A-ABD2-C9A547831BF6",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EF0738-C9EF-4E4B-A7E7-ECC1B5F0678A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBFBB10-35E0-46BB-A937-E9A933C4D5BC",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7737F0C2-43FC-4330-88F2-9B08BA5B35D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91F6DD-A74C-4310-88AB-63A39D0208BE",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCED3E4-38EF-4645-B25C-4F2C3D4E091C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5513D8-59DD-4EE1-B2E8-F800D1DA7BC5",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1909FA-C8C6-46BE-83C6-2635D36FE69B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A11DE626-D744-49A7-93C4-FE2C2AF5245F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDBD94D-5312-4A54-AF76-D9DF791C0292",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC259CD1-5C79-4491-B375-7A69116F2747",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85153EED-C677-495D-A6BB-72365DE1ED3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79918934-7B0B-4032-972E-2347CD33029D",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC54911E-C432-48FA-9551-9644422FFE14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_poe_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00FBD442-84AA-48F3-8AD1-5767FFB2FC3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E22C57C-2BD6-4C39-93D2-5D81A58EA6F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72D4503-5AAE-4C6F-BAE9-FA51701191B1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCB68C-A58D-4543-A11F-721B01FFBBA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2333C8-E9C7-43D8-9EAA-A88ECAAB4236",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE3716E-1C0A-4B72-809A-8318E5853FB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EECD381-262F-4C47-90E1-7B44092C74BD",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB34E83-83A3-45C3-B040-D8910971D439",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36C40232-5696-44CC-B38F-5331A745C760",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC54880F-CBF4-4772-A4FB-B07D97287D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1-2ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1969E4-CFD6-4AC7-956E-374967F5C406",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1-2ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D400F5-AD80-4536-A99D-793E1560757B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACB931D-C484-42F4-9912-24B44FE97017",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C632B90-EB11-4A4C-8128-DABBE044B9AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EFA152-D29B-4116-A3D2-ACF7A025E053",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F952542-6B79-4681-A236-15C188AAEB1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "935CD21D-0471-4D1F-AF81-B1F996A9EFAB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "664D9C76-BC13-4874-939C-A8211DA33903",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C0F1FB-8B5E-448C-A304-FDDCB3DFCDD4",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834A67B-7B0B-4F88-BBFB-25667FD68EC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0E1F54-D9EA-4AFB-80EF-0A585EC3C641",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C9AE74-4683-4ED0-A605-3A6B065C230E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC03DF92-C7A1-4232-AFDF-04B2B50666DB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4356417E-B4CB-45B0-B395-CE9D423FAB44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25103533-B9BC-4553-B195-AF5CACAB713B",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C48C944-324B-4390-B9D1-3D0FC3DD5BFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3 SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte frontal), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. El servidor web de un dispositivo afectado carece de encabezados de seguridad espec\u00edficas. Esto podr\u00eda permitir a un atacante remoto extraer informaci\u00f3n confidencial de la sesi\u00f3n bajo determinadas circunstancias"
}
],
"id": "CVE-2022-25755",
"lastModified": "2024-11-21T06:52:56.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T09:15:14.793",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-12 09:15
Modified
2024-11-21 06:52
Severity ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x302-7eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB6F150-2662-44AE-8DC1-0B0A426E8352",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x302-7eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E97B3B-1808-45D2-97B7-CF31CA6E7A60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x304-2fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F4071F-1AE2-4FAD-A8CB-1619552101A3",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x304-2fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0087A1C6-AA76-4FD6-BAA1-D3190D2A0116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x306-1ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B78CFDF-1B15-4A4B-99D4-8CC5E1867BD1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x306-1ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "880CF41B-B25D-4744-8E8B-C4B131932B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-2eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB1094D-3F8A-4331-ABB9-46B73F7E008F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-2eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "804EE08B-75A1-4CF6-9C30-8CF0CDC39658",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE21803A-A5CA-482A-ABD2-C9A547831BF6",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EF0738-C9EF-4E4B-A7E7-ECC1B5F0678A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBFBB10-35E0-46BB-A937-E9A933C4D5BC",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7737F0C2-43FC-4330-88F2-9B08BA5B35D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91F6DD-A74C-4310-88AB-63A39D0208BE",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCED3E4-38EF-4645-B25C-4F2C3D4E091C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5513D8-59DD-4EE1-B2E8-F800D1DA7BC5",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1909FA-C8C6-46BE-83C6-2635D36FE69B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A11DE626-D744-49A7-93C4-FE2C2AF5245F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDBD94D-5312-4A54-AF76-D9DF791C0292",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC259CD1-5C79-4491-B375-7A69116F2747",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85153EED-C677-495D-A6BB-72365DE1ED3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79918934-7B0B-4032-972E-2347CD33029D",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC54911E-C432-48FA-9551-9644422FFE14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_poe_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00FBD442-84AA-48F3-8AD1-5767FFB2FC3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E22C57C-2BD6-4C39-93D2-5D81A58EA6F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72D4503-5AAE-4C6F-BAE9-FA51701191B1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCB68C-A58D-4543-A11F-721B01FFBBA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2333C8-E9C7-43D8-9EAA-A88ECAAB4236",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE3716E-1C0A-4B72-809A-8318E5853FB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EECD381-262F-4C47-90E1-7B44092C74BD",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB34E83-83A3-45C3-B040-D8910971D439",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36C40232-5696-44CC-B38F-5331A745C760",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC54880F-CBF4-4772-A4FB-B07D97287D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1-2ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1969E4-CFD6-4AC7-956E-374967F5C406",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1-2ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D400F5-AD80-4536-A99D-793E1560757B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACB931D-C484-42F4-9912-24B44FE97017",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C632B90-EB11-4A4C-8128-DABBE044B9AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EFA152-D29B-4116-A3D2-ACF7A025E053",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F952542-6B79-4681-A236-15C188AAEB1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "935CD21D-0471-4D1F-AF81-B1F996A9EFAB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "664D9C76-BC13-4874-939C-A8211DA33903",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C0F1FB-8B5E-448C-A304-FDDCB3DFCDD4",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834A67B-7B0B-4F88-BBFB-25667FD68EC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0E1F54-D9EA-4AFB-80EF-0A585EC3C641",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C9AE74-4683-4ED0-A605-3A6B065C230E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC03DF92-C7A1-4232-AFDF-04B2B50666DB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4356417E-B4CB-45B0-B395-CE9D423FAB44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25103533-B9BC-4553-B195-AF5CACAB713B",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C48C944-324B-4390-B9D1-3D0FC3DD5BFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3 SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte frontal), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. El servidor web de los dispositivos afectados calcula los identificadores de sesi\u00f3n y los nonces de forma no segura. Esto podr\u00eda permitir a un atacante remoto no autenticado forzar los identificadores de sesi\u00f3n y secuestrar las sesiones existentes"
}
],
"id": "CVE-2022-25752",
"lastModified": "2024-11-21T06:52:55.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T09:15:14.650",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-12 09:15
Modified
2024-11-21 06:52
Severity ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x302-7eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB6F150-2662-44AE-8DC1-0B0A426E8352",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x302-7eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E97B3B-1808-45D2-97B7-CF31CA6E7A60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x304-2fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F4071F-1AE2-4FAD-A8CB-1619552101A3",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x304-2fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0087A1C6-AA76-4FD6-BAA1-D3190D2A0116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x306-1ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B78CFDF-1B15-4A4B-99D4-8CC5E1867BD1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x306-1ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "880CF41B-B25D-4744-8E8B-C4B131932B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-2eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB1094D-3F8A-4331-ABB9-46B73F7E008F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-2eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "804EE08B-75A1-4CF6-9C30-8CF0CDC39658",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE21803A-A5CA-482A-ABD2-C9A547831BF6",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EF0738-C9EF-4E4B-A7E7-ECC1B5F0678A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBFBB10-35E0-46BB-A937-E9A933C4D5BC",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7737F0C2-43FC-4330-88F2-9B08BA5B35D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91F6DD-A74C-4310-88AB-63A39D0208BE",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCED3E4-38EF-4645-B25C-4F2C3D4E091C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5513D8-59DD-4EE1-B2E8-F800D1DA7BC5",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1909FA-C8C6-46BE-83C6-2635D36FE69B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A11DE626-D744-49A7-93C4-FE2C2AF5245F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDBD94D-5312-4A54-AF76-D9DF791C0292",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC259CD1-5C79-4491-B375-7A69116F2747",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85153EED-C677-495D-A6BB-72365DE1ED3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79918934-7B0B-4032-972E-2347CD33029D",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC54911E-C432-48FA-9551-9644422FFE14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_poe_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00FBD442-84AA-48F3-8AD1-5767FFB2FC3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E22C57C-2BD6-4C39-93D2-5D81A58EA6F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72D4503-5AAE-4C6F-BAE9-FA51701191B1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCB68C-A58D-4543-A11F-721B01FFBBA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2333C8-E9C7-43D8-9EAA-A88ECAAB4236",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE3716E-1C0A-4B72-809A-8318E5853FB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EECD381-262F-4C47-90E1-7B44092C74BD",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB34E83-83A3-45C3-B040-D8910971D439",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36C40232-5696-44CC-B38F-5331A745C760",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC54880F-CBF4-4772-A4FB-B07D97287D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1-2ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1969E4-CFD6-4AC7-956E-374967F5C406",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1-2ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D400F5-AD80-4536-A99D-793E1560757B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACB931D-C484-42F4-9912-24B44FE97017",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C632B90-EB11-4A4C-8128-DABBE044B9AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EFA152-D29B-4116-A3D2-ACF7A025E053",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F952542-6B79-4681-A236-15C188AAEB1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "935CD21D-0471-4D1F-AF81-B1F996A9EFAB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "664D9C76-BC13-4874-939C-A8211DA33903",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C0F1FB-8B5E-448C-A304-FDDCB3DFCDD4",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834A67B-7B0B-4F88-BBFB-25667FD68EC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0E1F54-D9EA-4AFB-80EF-0A585EC3C641",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C9AE74-4683-4ED0-A605-3A6B065C230E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC03DF92-C7A1-4232-AFDF-04B2B50666DB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4356417E-B4CB-45B0-B395-CE9D423FAB44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25103533-B9BC-4553-B195-AF5CACAB713B",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C48C944-324B-4390-B9D1-3D0FC3DD5BFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3 SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte frontal), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. El servidor web integrado podr\u00eda permitir ataques de tipo Cross-Site Scripting (XSS) si los usuarios desprevenidos son enga\u00f1ados para acceder a un enlace malicioso. Esto puede ser usado por un atacante para lanzar una petici\u00f3n maliciosa en el dispositivo afectado"
}
],
"id": "CVE-2022-25756",
"lastModified": "2024-11-21T06:52:56.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T09:15:14.837",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-12 09:15
Modified
2024-11-21 06:53
Severity ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x302-7eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB6F150-2662-44AE-8DC1-0B0A426E8352",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x302-7eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E97B3B-1808-45D2-97B7-CF31CA6E7A60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x304-2fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F4071F-1AE2-4FAD-A8CB-1619552101A3",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x304-2fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0087A1C6-AA76-4FD6-BAA1-D3190D2A0116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x306-1ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B78CFDF-1B15-4A4B-99D4-8CC5E1867BD1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x306-1ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "880CF41B-B25D-4744-8E8B-C4B131932B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-2eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB1094D-3F8A-4331-ABB9-46B73F7E008F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-2eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "804EE08B-75A1-4CF6-9C30-8CF0CDC39658",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE21803A-A5CA-482A-ABD2-C9A547831BF6",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EF0738-C9EF-4E4B-A7E7-ECC1B5F0678A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBFBB10-35E0-46BB-A937-E9A933C4D5BC",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7737F0C2-43FC-4330-88F2-9B08BA5B35D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91F6DD-A74C-4310-88AB-63A39D0208BE",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCED3E4-38EF-4645-B25C-4F2C3D4E091C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5513D8-59DD-4EE1-B2E8-F800D1DA7BC5",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1909FA-C8C6-46BE-83C6-2635D36FE69B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A11DE626-D744-49A7-93C4-FE2C2AF5245F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDBD94D-5312-4A54-AF76-D9DF791C0292",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC259CD1-5C79-4491-B375-7A69116F2747",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85153EED-C677-495D-A6BB-72365DE1ED3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79918934-7B0B-4032-972E-2347CD33029D",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC54911E-C432-48FA-9551-9644422FFE14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_poe_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00FBD442-84AA-48F3-8AD1-5767FFB2FC3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E22C57C-2BD6-4C39-93D2-5D81A58EA6F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72D4503-5AAE-4C6F-BAE9-FA51701191B1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCB68C-A58D-4543-A11F-721B01FFBBA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2333C8-E9C7-43D8-9EAA-A88ECAAB4236",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE3716E-1C0A-4B72-809A-8318E5853FB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EECD381-262F-4C47-90E1-7B44092C74BD",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB34E83-83A3-45C3-B040-D8910971D439",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36C40232-5696-44CC-B38F-5331A745C760",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC54880F-CBF4-4772-A4FB-B07D97287D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1-2ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1969E4-CFD6-4AC7-956E-374967F5C406",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1-2ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D400F5-AD80-4536-A99D-793E1560757B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACB931D-C484-42F4-9912-24B44FE97017",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C632B90-EB11-4A4C-8128-DABBE044B9AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EFA152-D29B-4116-A3D2-ACF7A025E053",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F952542-6B79-4681-A236-15C188AAEB1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "935CD21D-0471-4D1F-AF81-B1F996A9EFAB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "664D9C76-BC13-4874-939C-A8211DA33903",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C0F1FB-8B5E-448C-A304-FDDCB3DFCDD4",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834A67B-7B0B-4F88-BBFB-25667FD68EC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0E1F54-D9EA-4AFB-80EF-0A585EC3C641",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C9AE74-4683-4ED0-A605-3A6B065C230E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC03DF92-C7A1-4232-AFDF-04B2B50666DB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4356417E-B4CB-45B0-B395-CE9D423FAB44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25103533-B9BC-4553-B195-AF5CACAB713B",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C48C944-324B-4390-B9D1-3D0FC3DD5BFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3 SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte frontal), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. Los dispositivos afectados no comprueban correctamente el URI de las peticiones HTTP GET entrantes. Esto podr\u00eda permitir a un atacante remoto no autenticado bloquear los dispositivos afectados"
}
],
"id": "CVE-2022-26335",
"lastModified": "2024-11-21T06:53:46.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T09:15:14.923",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-12 09:15
Modified
2024-11-21 06:53
Severity ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x302-7eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB6F150-2662-44AE-8DC1-0B0A426E8352",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x302-7eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E97B3B-1808-45D2-97B7-CF31CA6E7A60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x304-2fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F4071F-1AE2-4FAD-A8CB-1619552101A3",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x304-2fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0087A1C6-AA76-4FD6-BAA1-D3190D2A0116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x306-1ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B78CFDF-1B15-4A4B-99D4-8CC5E1867BD1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x306-1ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "880CF41B-B25D-4744-8E8B-C4B131932B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-2eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB1094D-3F8A-4331-ABB9-46B73F7E008F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-2eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "804EE08B-75A1-4CF6-9C30-8CF0CDC39658",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE21803A-A5CA-482A-ABD2-C9A547831BF6",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EF0738-C9EF-4E4B-A7E7-ECC1B5F0678A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBFBB10-35E0-46BB-A937-E9A933C4D5BC",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7737F0C2-43FC-4330-88F2-9B08BA5B35D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91F6DD-A74C-4310-88AB-63A39D0208BE",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCED3E4-38EF-4645-B25C-4F2C3D4E091C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5513D8-59DD-4EE1-B2E8-F800D1DA7BC5",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1909FA-C8C6-46BE-83C6-2635D36FE69B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A11DE626-D744-49A7-93C4-FE2C2AF5245F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDBD94D-5312-4A54-AF76-D9DF791C0292",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC259CD1-5C79-4491-B375-7A69116F2747",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85153EED-C677-495D-A6BB-72365DE1ED3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79918934-7B0B-4032-972E-2347CD33029D",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC54911E-C432-48FA-9551-9644422FFE14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_poe_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00FBD442-84AA-48F3-8AD1-5767FFB2FC3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E22C57C-2BD6-4C39-93D2-5D81A58EA6F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72D4503-5AAE-4C6F-BAE9-FA51701191B1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCB68C-A58D-4543-A11F-721B01FFBBA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2333C8-E9C7-43D8-9EAA-A88ECAAB4236",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE3716E-1C0A-4B72-809A-8318E5853FB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EECD381-262F-4C47-90E1-7B44092C74BD",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB34E83-83A3-45C3-B040-D8910971D439",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36C40232-5696-44CC-B38F-5331A745C760",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC54880F-CBF4-4772-A4FB-B07D97287D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1-2ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1969E4-CFD6-4AC7-956E-374967F5C406",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1-2ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D400F5-AD80-4536-A99D-793E1560757B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACB931D-C484-42F4-9912-24B44FE97017",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C632B90-EB11-4A4C-8128-DABBE044B9AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EFA152-D29B-4116-A3D2-ACF7A025E053",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F952542-6B79-4681-A236-15C188AAEB1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "935CD21D-0471-4D1F-AF81-B1F996A9EFAB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "664D9C76-BC13-4874-939C-A8211DA33903",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C0F1FB-8B5E-448C-A304-FDDCB3DFCDD4",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834A67B-7B0B-4F88-BBFB-25667FD68EC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0E1F54-D9EA-4AFB-80EF-0A585EC3C641",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C9AE74-4683-4ED0-A605-3A6B065C230E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC03DF92-C7A1-4232-AFDF-04B2B50666DB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4356417E-B4CB-45B0-B395-CE9D423FAB44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25103533-B9BC-4553-B195-AF5CACAB713B",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C48C944-324B-4390-B9D1-3D0FC3DD5BFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3 SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte frontal), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. Los dispositivos afectados no comprueban correctamente el par\u00e1metro GET XNo de las peticiones HTTP entrantes. Esto podr\u00eda permitir a un atacante remoto no autenticado bloquear los dispositivos afectados"
}
],
"id": "CVE-2022-26334",
"lastModified": "2024-11-21T06:53:46.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T09:15:14.880",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-12 09:15
Modified
2024-11-21 06:53
Severity ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x302-7eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB6F150-2662-44AE-8DC1-0B0A426E8352",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x302-7eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E97B3B-1808-45D2-97B7-CF31CA6E7A60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x304-2fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F4071F-1AE2-4FAD-A8CB-1619552101A3",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x304-2fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0087A1C6-AA76-4FD6-BAA1-D3190D2A0116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x306-1ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B78CFDF-1B15-4A4B-99D4-8CC5E1867BD1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x306-1ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "880CF41B-B25D-4744-8E8B-C4B131932B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-2eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB1094D-3F8A-4331-ABB9-46B73F7E008F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-2eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "804EE08B-75A1-4CF6-9C30-8CF0CDC39658",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE21803A-A5CA-482A-ABD2-C9A547831BF6",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EF0738-C9EF-4E4B-A7E7-ECC1B5F0678A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBFBB10-35E0-46BB-A937-E9A933C4D5BC",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7737F0C2-43FC-4330-88F2-9B08BA5B35D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91F6DD-A74C-4310-88AB-63A39D0208BE",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCED3E4-38EF-4645-B25C-4F2C3D4E091C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5513D8-59DD-4EE1-B2E8-F800D1DA7BC5",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1909FA-C8C6-46BE-83C6-2635D36FE69B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A11DE626-D744-49A7-93C4-FE2C2AF5245F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDBD94D-5312-4A54-AF76-D9DF791C0292",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC259CD1-5C79-4491-B375-7A69116F2747",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85153EED-C677-495D-A6BB-72365DE1ED3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79918934-7B0B-4032-972E-2347CD33029D",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC54911E-C432-48FA-9551-9644422FFE14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_poe_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00FBD442-84AA-48F3-8AD1-5767FFB2FC3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E22C57C-2BD6-4C39-93D2-5D81A58EA6F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72D4503-5AAE-4C6F-BAE9-FA51701191B1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCB68C-A58D-4543-A11F-721B01FFBBA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2333C8-E9C7-43D8-9EAA-A88ECAAB4236",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE3716E-1C0A-4B72-809A-8318E5853FB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EECD381-262F-4C47-90E1-7B44092C74BD",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB34E83-83A3-45C3-B040-D8910971D439",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36C40232-5696-44CC-B38F-5331A745C760",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC54880F-CBF4-4772-A4FB-B07D97287D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1-2ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1969E4-CFD6-4AC7-956E-374967F5C406",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1-2ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D400F5-AD80-4536-A99D-793E1560757B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACB931D-C484-42F4-9912-24B44FE97017",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C632B90-EB11-4A4C-8128-DABBE044B9AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EFA152-D29B-4116-A3D2-ACF7A025E053",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F952542-6B79-4681-A236-15C188AAEB1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "935CD21D-0471-4D1F-AF81-B1F996A9EFAB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "664D9C76-BC13-4874-939C-A8211DA33903",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C0F1FB-8B5E-448C-A304-FDDCB3DFCDD4",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834A67B-7B0B-4F88-BBFB-25667FD68EC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0E1F54-D9EA-4AFB-80EF-0A585EC3C641",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C9AE74-4683-4ED0-A605-3A6B065C230E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC03DF92-C7A1-4232-AFDF-04B2B50666DB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4356417E-B4CB-45B0-B395-CE9D423FAB44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25103533-B9BC-4553-B195-AF5CACAB713B",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C48C944-324B-4390-B9D1-3D0FC3DD5BFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, recubierto), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, recubierto), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, recubierto), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, recubierto), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3 SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte frontal), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. Los dispositivos afectados no comprueban correctamente si se presenta una determinada clave SNMP. Un atacante podr\u00eda usar esto para desencadenar un reinicio de un dispositivo afectado al solicitar informaci\u00f3n SNMP espec\u00edfica del dispositivo"
}
],
"id": "CVE-2022-26380",
"lastModified": "2024-11-21T06:53:52.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T09:15:14.970",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-12 09:15
Modified
2024-11-21 06:52
Severity ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x302-7eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB6F150-2662-44AE-8DC1-0B0A426E8352",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x302-7eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E97B3B-1808-45D2-97B7-CF31CA6E7A60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x304-2fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F4071F-1AE2-4FAD-A8CB-1619552101A3",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x304-2fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0087A1C6-AA76-4FD6-BAA1-D3190D2A0116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x306-1ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B78CFDF-1B15-4A4B-99D4-8CC5E1867BD1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x306-1ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "880CF41B-B25D-4744-8E8B-C4B131932B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-2eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB1094D-3F8A-4331-ABB9-46B73F7E008F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-2eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "804EE08B-75A1-4CF6-9C30-8CF0CDC39658",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE21803A-A5CA-482A-ABD2-C9A547831BF6",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EF0738-C9EF-4E4B-A7E7-ECC1B5F0678A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEBFBB10-35E0-46BB-A937-E9A933C4D5BC",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7737F0C2-43FC-4330-88F2-9B08BA5B35D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91F6DD-A74C-4310-88AB-63A39D0208BE",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCED3E4-38EF-4645-B25C-4F2C3D4E091C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5513D8-59DD-4EE1-B2E8-F800D1DA7BC5",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1909FA-C8C6-46BE-83C6-2635D36FE69B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A11DE626-D744-49A7-93C4-FE2C2AF5245F",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDBD94D-5312-4A54-AF76-D9DF791C0292",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC259CD1-5C79-4491-B375-7A69116F2747",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85153EED-C677-495D-A6BB-72365DE1ED3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79918934-7B0B-4032-972E-2347CD33029D",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC54911E-C432-48FA-9551-9644422FFE14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_poe_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00FBD442-84AA-48F3-8AD1-5767FFB2FC3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E22C57C-2BD6-4C39-93D2-5D81A58EA6F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72D4503-5AAE-4C6F-BAE9-FA51701191B1",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCB68C-A58D-4543-A11F-721B01FFBBA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2333C8-E9C7-43D8-9EAA-A88ECAAB4236",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE3716E-1C0A-4B72-809A-8318E5853FB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EECD381-262F-4C47-90E1-7B44092C74BD",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB34E83-83A3-45C3-B040-D8910971D439",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36C40232-5696-44CC-B38F-5331A745C760",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC54880F-CBF4-4772-A4FB-B07D97287D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1-2ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1969E4-CFD6-4AC7-956E-374967F5C406",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1-2ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D400F5-AD80-4536-A99D-793E1560757B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACB931D-C484-42F4-9912-24B44FE97017",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C632B90-EB11-4A4C-8128-DABBE044B9AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EFA152-D29B-4116-A3D2-ACF7A025E053",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F952542-6B79-4681-A236-15C188AAEB1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "935CD21D-0471-4D1F-AF81-B1F996A9EFAB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "664D9C76-BC13-4874-939C-A8211DA33903",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C0F1FB-8B5E-448C-A304-FDDCB3DFCDD4",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834A67B-7B0B-4F88-BBFB-25667FD68EC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0E1F54-D9EA-4AFB-80EF-0A585EC3C641",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C9AE74-4683-4ED0-A605-3A6B065C230E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC03DF92-C7A1-4232-AFDF-04B2B50666DB",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4356417E-B4CB-45B0-B395-CE9D423FAB44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25103533-B9BC-4553-B195-AF5CACAB713B",
"versionEndExcluding": "4.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C48C944-324B-4390-B9D1-3D0FC3DD5BFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3 SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte frontal), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. Los dispositivos afectados no comprueban correctamente los encabezados HTTP de las peticiones entrantes. Esto podr\u00eda permitir a un atacante remoto no autenticado bloquear los dispositivos afectados"
}
],
"id": "CVE-2022-25751",
"lastModified": "2024-11-21T06:52:55.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T09:15:14.597",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-16 16:15
Modified
2024-11-21 04:25
Severity ?
Summary
A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x-200rna_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282096F4-8422-4261-A446-69FFB0933FC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x-200rna:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCF5B82-0766-4711-90E6-C2A6FACE44EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C435EFA-6C21-41EA-9A3F-136FF7F03776",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "076F3DDE-2B70-4F53-9B12-7CE3D9641E7E",
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D0AB50-6F0B-4232-8C8E-1647410D362D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02B398C3-3EDD-4FD4-977A-8461DB27CC49",
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "434BC9BE-C5DB-4DAF-8E07-DFE4EEA0D7FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129E733C-0BF1-4DF0-9772-66009BA3C64D",
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "889CF2C0-EE6C-447F-85F1-005730EAD232",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B1BAB4A-4F21-4BD7-B474-7675CEF22008",
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C632B90-EB11-4A4C-8128-DABBE044B9AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_csm_1277_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAAC05E1-5FED-4072-906B-9B1289A1E6ED",
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_csm_1277:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54C4F62C-EF24-434F-800C-07F26968EFBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la familia de conmutadores SCALANCE X-300 (incl. X408 y variantes SIPLUS NET), SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. Los dispositivos afectados contienen una vulnerabilidad que permite a un atacante no autentificado violar las reglas de control de acceso. La vulnerabilidad puede activarse enviando una solicitud GET a un localizador de recursos uniforme espec\u00edfico en la interfaz de configuraci\u00f3n web del dispositivo. La vulnerabilidad de seguridad podr\u00eda ser explotada por un atacante con acceso de red a los sistemas afectados. Un atacante podr\u00eda utilizar la vulnerabilidad para obtener informaci\u00f3n sensible o cambiar la configuraci\u00f3n del dispositivo. En el momento de la publicaci\u00f3n del aviso no se conoc\u00eda ninguna explotaci\u00f3n p\u00fablica de esta vulnerabilidad de seguridad"
}
],
"id": "CVE-2019-13933",
"lastModified": "2024-11-21T04:25:43.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-16T16:15:16.187",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-26334
Vulnerability from cvelistv5
Published
2022-04-12 09:07
Modified
2024-08-03 05:03
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:07:54",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-26334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-26334",
"datePublished": "2022-04-12T09:07:54",
"dateReserved": "2022-03-01T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25756
Vulnerability from cvelistv5
Published
2022-04-12 09:07
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X302-7 EEC (230V) |
Version: All versions < V4.1.4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:07:52",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-25756",
"datePublished": "2022-04-12T09:07:52",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26335
Vulnerability from cvelistv5
Published
2022-04-12 09:07
Modified
2024-08-03 05:03
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X302-7 EEC (230V) |
Version: All versions < V4.1.4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:31.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:07:55",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-26335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-26335",
"datePublished": "2022-04-12T09:07:55",
"dateReserved": "2022-03-01T00:00:00",
"dateUpdated": "2024-08-03T05:03:31.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25752
Vulnerability from cvelistv5
Published
2022-04-12 09:07
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X302-7 EEC (230V) |
Version: All versions < V4.1.4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:07:46",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330: Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-25752",
"datePublished": "2022-04-12T09:07:46",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13933
Vulnerability from cvelistv5
Published
2020-01-16 00:00
Modified
2024-08-05 00:05
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X204RNA (HSR) |
Version: All versions < V3.2.7 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:43.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X204RNA (HSR)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.7"
}
]
},
{
"product": "SCALANCE X204RNA (PRP)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.7"
}
]
},
{
"product": "SCALANCE X204RNA EEC (HSR)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.7"
}
]
},
{
"product": "SCALANCE X204RNA EEC (PRP)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.7"
}
]
},
{
"product": "SCALANCE X204RNA EEC (PRP/HSR)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.7"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf"
},
{
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-13933",
"datePublished": "2020-01-16T00:00:00",
"dateReserved": "2019-07-18T00:00:00",
"dateUpdated": "2024-08-05T00:05:43.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26380
Vulnerability from cvelistv5
Published
2022-04-12 09:07
Modified
2024-08-03 05:03
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X302-7 EEC (230V) |
Version: All versions < V4.1.4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:07:57",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-26380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-26380",
"datePublished": "2022-04-12T09:07:57",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25751
Vulnerability from cvelistv5
Published
2022-04-12 09:07
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X302-7 EEC (230V) |
Version: All versions < V4.1.4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:07:43",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-25751",
"datePublished": "2022-04-12T09:07:43",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25753
Vulnerability from cvelistv5
Published
2022-04-12 09:07
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X302-7 EEC (230V) |
Version: All versions < V4.1.4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:07:47",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-25753",
"datePublished": "2022-04-12T09:07:47",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25755
Vulnerability from cvelistv5
Published
2022-04-12 09:07
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X302-7 EEC (230V) |
Version: All versions < V4.1.4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:07:50",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-25755",
"datePublished": "2022-04-12T09:07:50",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25754
Vulnerability from cvelistv5
Published
2022-04-12 09:07
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SCALANCE X302-7 EEC (230V) |
Version: All versions < V4.1.4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:07:49",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-25754",
"datePublished": "2022-04-12T09:07:49",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}