Action not permitted
Modal body text goes here.
ghsa-pm3p-vw5f-jpj5
Vulnerability from github
Published
2022-04-13 00:00
Modified
2022-04-20 00:00
Severity
Details
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.
{
"affected": [],
"aliases": [
"CVE-2022-25754"
],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-12T09:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.",
"id": "GHSA-pm3p-vw5f-jpj5",
"modified": "2022-04-20T00:00:52Z",
"published": "2022-04-13T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25754"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
cve-2022-25754
Vulnerability from cvelistv5
Published
2022-04-12 09:07
Modified
2024-08-03 04:49
Severity
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.
References
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:07:49",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-25754",
"datePublished": "2022-04-12T09:07:49",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading...