gsd-2022-26649
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2022-26649",
    "description": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.",
    "id": "GSD-2022-26649"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-26649"
      ],
      "details": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.",
      "id": "GSD-2022-26649",
      "modified": "2023-12-13T01:19:39.147128Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2022-26649",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SCALANCE X200-4P IRT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X201-3P IRT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X201-3P IRT PRO",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X202-2IRT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X202-2P IRT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X202-2P IRT PRO",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X204-2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X204-2FM",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X204-2LD",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X204-2LD TS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X204-2TS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X204IRT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X204IRT PRO",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X206-1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X206-1LD",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X208",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X208PRO",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X212-2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X212-2LD",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X216",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE X224",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE XF201-3P IRT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE XF202-2P IRT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE XF204",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE XF204-2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE XF204-2BA IRT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE XF204IRT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.5.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE XF206-1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SCALANCE XF208",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.2.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-120",
                "lang": "eng",
                "value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x208_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x208_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2022-26649"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2023-04-11T10:15Z",
      "publishedDate": "2022-07-12T10:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.