cve-2022-25752
Vulnerability from cvelistv5
Published
2022-04-12 09:07
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
References
▼ | URL | Tags | |
---|---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | Mitigation, Patch, Vendor Advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:43.562Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SCALANCE X302-7 EEC (230V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X302-7 EEC (230V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X302-7 EEC (24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X302-7 EEC (24V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X302-7 EEC (2x 230V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X302-7 EEC (2x 230V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X302-7 EEC (2x 24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X302-7 EEC (2x 24V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X304-2FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X306-1LD FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X307-2 EEC (230V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X307-2 EEC (230V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X307-2 EEC (24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X307-2 EEC (24V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X307-2 EEC (2x 230V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X307-2 EEC (2x 230V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X307-2 EEC (2x 24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X307-2 EEC (2x 24V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X307-3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X307-3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X307-3LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X307-3LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2LH", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2LH", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2LH+", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2LH+", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2M", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2M", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2M PoE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2M PoE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2M TS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X308-2M TS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X310", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X310", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X310FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X310FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X320-1 FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X320-1-2LD FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE X408-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-12M (230V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-12M (230V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-12M (230V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-12M (230V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-12M (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-12M (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-12M (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-12M (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-12M TS (24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-12M TS (24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M PoE (230V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M PoE (230V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M PoE (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M PoE (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SCALANCE XR324-4M PoE TS (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "product": "SIPLUS NET SCALANCE X308-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-330", "description": "CWE-330: Use of Insufficiently Random Values", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-12T09:07:46", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-25752", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SCALANCE X302-7 EEC (230V)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X302-7 EEC (230V, coated)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X302-7 EEC (24V)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X302-7 EEC (24V, coated)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X302-7 EEC (2x 230V)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X302-7 EEC (2x 230V, coated)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X302-7 EEC (2x 24V)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X302-7 EEC (2x 24V, coated)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X304-2FE", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X306-1LD FE", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X307-2 EEC (230V)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X307-2 EEC (230V, coated)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X307-2 EEC (24V)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X307-2 EEC (24V, coated)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X307-2 EEC (2x 230V)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X307-2 EEC (2x 230V, coated)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X307-2 EEC (2x 24V)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X307-2 EEC (2x 24V, coated)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X307-3", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X307-3", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X307-3LD", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X307-3LD", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2LD", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2LD", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2LH", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2LH", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2LH+", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2LH+", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2M", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2M", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2M PoE", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2M PoE", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2M TS", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X308-2M TS", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X310", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X310", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X310FE", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X310FE", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X320-1 FE", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X320-1-2LD FE", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE X408-2", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-12M (230V, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-12M (230V, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-12M (230V, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-12M (230V, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-12M (24V, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-12M (24V, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-12M (24V, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-12M (24V, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-12M TS (24V)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-12M TS (24V)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (24V, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (24V, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M PoE (230V, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M PoE (24V, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } }, { "product_name": "SIPLUS NET SCALANCE X308-2", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1.4" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-330: Use of Insufficiently Random Values" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-25752", "datePublished": "2022-04-12T09:07:46", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:49:43.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-25752\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2022-04-12T09:15:14.650\",\"lastModified\":\"2022-04-19T18:07:50.140\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3 SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte frontal), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. El servidor web de los dispositivos afectados calcula los identificadores de sesi\u00f3n y los nonces de forma no segura. Esto podr\u00eda permitir a un atacante remoto no autenticado forzar los identificadores de sesi\u00f3n y secuestrar las sesiones existentes\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]},{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x302-7eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"7FB6F150-2662-44AE-8DC1-0B0A426E8352\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x302-7eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8E97B3B-1808-45D2-97B7-CF31CA6E7A60\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x304-2fe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"E9F4071F-1AE2-4FAD-A8CB-1619552101A3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x304-2fe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0087A1C6-AA76-4FD6-BAA1-D3190D2A0116\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x306-1ldfe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"4B78CFDF-1B15-4A4B-99D4-8CC5E1867BD1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x306-1ldfe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"880CF41B-B25D-4744-8E8B-C4B131932B1B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x307-2eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"CCB1094D-3F8A-4331-ABB9-46B73F7E008F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x307-2eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"804EE08B-75A1-4CF6-9C30-8CF0CDC39658\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"EE21803A-A5CA-482A-ABD2-C9A547831BF6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55EF0738-C9EF-4E4B-A7E7-ECC1B5F0678A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"EEBFBB10-35E0-46BB-A937-E9A933C4D5BC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7737F0C2-43FC-4330-88F2-9B08BA5B35D7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"4C91F6DD-A74C-4310-88AB-63A39D0208BE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CCED3E4-38EF-4645-B25C-4F2C3D4E091C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"6B5513D8-59DD-4EE1-B2E8-F800D1DA7BC5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE1909FA-C8C6-46BE-83C6-2635D36FE69B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"A11DE626-D744-49A7-93C4-FE2C2AF5245F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DDBD94D-5312-4A54-AF76-D9DF791C0292\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2lh\\\\+_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"DC259CD1-5C79-4491-B375-7A69116F2747\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2lh\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85153EED-C677-495D-A6BB-72365DE1ED3F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"79918934-7B0B-4032-972E-2347CD33029D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC54911E-C432-48FA-9551-9644422FFE14\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2m_poe_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00FBD442-84AA-48F3-8AD1-5767FFB2FC3F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2m_poe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E22C57C-2BD6-4C39-93D2-5D81A58EA6F0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"E72D4503-5AAE-4C6F-BAE9-FA51701191B1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFCCB68C-A58D-4543-A11F-721B01FFBBA4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"CA2333C8-E9C7-43D8-9EAA-A88ECAAB4236\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FE3716E-1C0A-4B72-809A-8318E5853FB1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"7EECD381-262F-4C47-90E1-7B44092C74BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FB34E83-83A3-45C3-B040-D8910971D439\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"36C40232-5696-44CC-B38F-5331A745C760\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC54880F-CBF4-4772-A4FB-B07D97287D44\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x320-1-2ldfe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"2F1969E4-CFD6-4AC7-956E-374967F5C406\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x320-1-2ldfe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2D400F5-AD80-4536-A99D-793E1560757B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"3ACB931D-C484-42F4-9912-24B44FE97017\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C632B90-EB11-4A4C-8128-DABBE044B9AF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"B1EFA152-D29B-4116-A3D2-ACF7A025E053\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F952542-6B79-4681-A236-15C188AAEB1E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"935CD21D-0471-4D1F-AF81-B1F996A9EFAB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"664D9C76-BC13-4874-939C-A8211DA33903\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"E2C0F1FB-8B5E-448C-A304-FDDCB3DFCDD4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4834A67B-7B0B-4F88-BBFB-25667FD68EC5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"3E0E1F54-D9EA-4AFB-80EF-0A585EC3C641\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36C9AE74-4683-4ED0-A605-3A6B065C230E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"DC03DF92-C7A1-4232-AFDF-04B2B50666DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4356417E-B4CB-45B0-B395-CE9D423FAB44\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:siplus_net_scalance_x308-2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.4\",\"matchCriteriaId\":\"25103533-B9BC-4553-B195-AF5CACAB713B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:siplus_net_scalance_x308-2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C48C944-324B-4390-B9D1-3D0FC3DD5BFD\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.