variot - var-202204-0495

VAR-202204-0495

Vulnerability from variot - Updated: 2023-12-18 11:56

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. plural SCALANCE The product contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). SIPLUS extreme is designed for reliable operation under extreme conditions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202204-0495",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scalance xr324-4m eec",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance xr324-4m poe",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance xr324-4m poe ts",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance xr324-12m",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance xr324-12m ts",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x308-2m",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x307-3ld",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x304-2fe",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x310fe",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x308-2m ts",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x308-2ld",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x308-2lh",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x320-1fe",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x307-3",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x302-7eec",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x320-1-2ldfe",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "siplus net scalance x308-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x408-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x308-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x306-1ldfe",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x308-2m poe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x308-2lh\\+",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x310",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x307-2eec",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance x304-2fe",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "scalance x307-3ld",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "scalance x307-3",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "scalance x308-2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "scalance x307-2eec",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "scalance x308-2ld",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "scalance x308-2lh+",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "scalance x308-2lh",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "scalance x306-1ldfe",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "scalance x302-7eec",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "scalance fe",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x320-1\u003c4.1.4"
      },
      {
        "model": "scalance x320-1-2ld fe",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x408-2\u003c4.1.4"
      },
      {
        "model": "siplus net scalance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x308-2\u003c4.1.4"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x307-3\u003c4.1.4"
      },
      {
        "model": "scalance eec",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x307-2\u003c4.1.4"
      },
      {
        "model": "scalance x306-1ld fe",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance eec",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x302-7\u003c4.1.4"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x310\u003c4.1.4"
      },
      {
        "model": "scalance x308-2m poe",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.1.4"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x308-2\u003c4.1.4"
      },
      {
        "model": "scalance x308-2lh+",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.1.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-28483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001595"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25754"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x302-7eec_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x302-7eec:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x304-2fe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x304-2fe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x306-1ldfe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x306-1ldfe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x307-2eec_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x307-2eec:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2lh\\+_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2lh\\+:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2m_poe_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2m_poe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x320-1-2ldfe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x320-1-2ldfe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siplus_net_scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siplus_net_scalance_x308-2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-25754"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael Messner and Abian Blome of Siemens Energy coordinated the disclosure of CVE-2022-25751 and CVE-2022-25756 to CISA.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3139"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-25754",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2022-25754",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2022-28483",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-25754",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-25754",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-28483",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202204-3139",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-25754",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-28483"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001595"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25754"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3139"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. plural  SCALANCE The product contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted  (DoS) It may be put into a state. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). SIPLUS extreme is designed for reliable operation under extreme conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-25754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001595"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-28483"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25754"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-25754",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-836527",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-104-09",
        "trust": 1.5
      },
      {
        "db": "JVN",
        "id": "JVNVU91165555",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001595",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-28483",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3139",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25754",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-28483"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001595"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25754"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3139"
      }
    ]
  },
  "id": "VAR-202204-0495",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-28483"
      }
    ],
    "trust": 1.2919426426666667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-28483"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:56:14.715000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-836527",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
      },
      {
        "title": "Patch for Siemens SCALANCE X-300 Switch Family Devices Cross-Site Request Forgery Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/329316"
      },
      {
        "title": "Multiple  Siemens Repair measures for product cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190129"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-28483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001595"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3139"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.0
      },
      {
        "problemtype": "Cross-site request forgery (CWE-352) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001595"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25754"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
      },
      {
        "trust": 0.9,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-09"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91165555/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25754"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-25754/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-104-09"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/352.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-28483"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001595"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25754"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3139"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-28483"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-25754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001595"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25754"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3139"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-28483"
      },
      {
        "date": "2022-04-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-25754"
      },
      {
        "date": "2022-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-001595"
      },
      {
        "date": "2022-04-12T09:15:14.747000",
        "db": "NVD",
        "id": "CVE-2022-25754"
      },
      {
        "date": "2022-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-3139"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-28483"
      },
      {
        "date": "2022-04-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-25754"
      },
      {
        "date": "2022-04-26T09:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-001595"
      },
      {
        "date": "2022-04-19T18:09:34.047000",
        "db": "NVD",
        "id": "CVE-2022-25754"
      },
      {
        "date": "2022-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-3139"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3139"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0SCALANCE\u00a0 Cross-site request forgery vulnerability in product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001595"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3139"
      }
    ],
    "trust": 0.6
  }
}

CVE-2022-25754 (GCVE-0-2022-25754)

Vulnerability from cvelistv5 – Published: 2022-04-12 09:07 – Updated: 2024-08-03 04:49

Summary

Severity ?

No CVSS data available.

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/pdf/s…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Siemens

SCALANCE X302-7 EEC (230V)

Affected: All versions < V4.1.4

Siemens	SCALANCE X302-7 EEC (230V, coated)	Affected: All versions < V4.1.4
Siemens	SCALANCE X302-7 EEC (24V)	Affected: All versions < V4.1.4
Siemens	SCALANCE X302-7 EEC (24V, coated)	Affected: All versions < V4.1.4
Siemens	SCALANCE X302-7 EEC (2x 230V)	Affected: All versions < V4.1.4
Siemens	SCALANCE X302-7 EEC (2x 230V, coated)	Affected: All versions < V4.1.4
Siemens	SCALANCE X302-7 EEC (2x 24V)	Affected: All versions < V4.1.4
Siemens	SCALANCE X302-7 EEC (2x 24V, coated)	Affected: All versions < V4.1.4
Siemens	SCALANCE X304-2FE	Affected: All versions < V4.1.4
Siemens	SCALANCE X306-1LD FE	Affected: All versions < V4.1.4
Siemens	SCALANCE X307-2 EEC (230V)	Affected: All versions < V4.1.4
Siemens	SCALANCE X307-2 EEC (230V, coated)	Affected: All versions < V4.1.4
Siemens	SCALANCE X307-2 EEC (24V)	Affected: All versions < V4.1.4
Siemens	SCALANCE X307-2 EEC (24V, coated)	Affected: All versions < V4.1.4
Siemens	SCALANCE X307-2 EEC (2x 230V)	Affected: All versions < V4.1.4
Siemens	SCALANCE X307-2 EEC (2x 230V, coated)	Affected: All versions < V4.1.4
Siemens	SCALANCE X307-2 EEC (2x 24V)	Affected: All versions < V4.1.4
Siemens	SCALANCE X307-2 EEC (2x 24V, coated)	Affected: All versions < V4.1.4
Siemens	SCALANCE X307-3	Affected: All versions < V4.1.4
Siemens	SCALANCE X307-3	Affected: All versions < V4.1.4
Siemens	SCALANCE X307-3LD	Affected: All versions < V4.1.4
Siemens	SCALANCE X307-3LD	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2LD	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2LD	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2LH	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2LH	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2LH+	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2LH+	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2M	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2M	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2M PoE	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2M PoE	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2M TS	Affected: All versions < V4.1.4
Siemens	SCALANCE X308-2M TS	Affected: All versions < V4.1.4
Siemens	SCALANCE X310	Affected: All versions < V4.1.4
Siemens	SCALANCE X310	Affected: All versions < V4.1.4
Siemens	SCALANCE X310FE	Affected: All versions < V4.1.4
Siemens	SCALANCE X310FE	Affected: All versions < V4.1.4
Siemens	SCALANCE X320-1 FE	Affected: All versions < V4.1.4
Siemens	SCALANCE X320-1-2LD FE	Affected: All versions < V4.1.4
Siemens	SCALANCE X408-2	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-12M (230V, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-12M (230V, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-12M (230V, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-12M (230V, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-12M (24V, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-12M (24V, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-12M (24V, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-12M (24V, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-12M TS (24V)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-12M TS (24V)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (24V, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (24V, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (24V, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (24V, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (2x 24V, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (2x 24V, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (2x 24V, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M EEC (2x 24V, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M PoE (230V, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M PoE (230V, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M PoE (24V, ports on front)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M PoE (24V, ports on rear)	Affected: All versions < V4.1.4
Siemens	SCALANCE XR324-4M PoE TS (24V, ports on front)	Affected: All versions < V4.1.4
Siemens	SIPLUS NET SCALANCE X308-2	Affected: All versions < V4.1.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SCALANCE X302-7 EEC (230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X302-7 EEC (230V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X302-7 EEC (24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X302-7 EEC (24V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X302-7 EEC (2x 230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X302-7 EEC (2x 230V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X302-7 EEC (2x 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X302-7 EEC (2x 24V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X304-2FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X306-1LD FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X307-2 EEC (230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X307-2 EEC (230V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X307-2 EEC (24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X307-2 EEC (24V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X307-2 EEC (2x 230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X307-2 EEC (2x 230V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X307-2 EEC (2x 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X307-2 EEC (2x 24V, coated)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X307-3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X307-3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X307-3LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X307-3LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2LH",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2LH",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2LH+",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2LH+",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2M",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2M",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2M PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2M PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2M TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X308-2M TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X310",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X310",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X310FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X310FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X320-1 FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X320-1-2LD FE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE X408-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-12M (230V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-12M (230V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-12M (230V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-12M (230V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-12M (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-12M (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-12M (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-12M (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-12M TS (24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-12M TS (24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M PoE (230V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M PoE (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        },
        {
          "product": "SIPLUS NET SCALANCE X308-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-12T09:07:49",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2022-25754",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SCALANCE X302-7 EEC (230V)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X302-7 EEC (230V, coated)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X302-7 EEC (24V)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X302-7 EEC (24V, coated)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X302-7 EEC (2x 230V)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X302-7 EEC (2x 24V)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X304-2FE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X306-1LD FE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X307-2 EEC (230V)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X307-2 EEC (230V, coated)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X307-2 EEC (24V)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X307-2 EEC (24V, coated)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X307-2 EEC (2x 230V)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X307-2 EEC (2x 24V)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X307-3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X307-3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X307-3LD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X307-3LD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2LD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2LD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2LH",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2LH",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2LH+",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2LH+",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2M",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2M",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2M PoE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2M PoE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2M TS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X308-2M TS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X310",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X310",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X310FE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X310FE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X320-1 FE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X320-1-2LD FE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X408-2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-12M (230V, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-12M (230V, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-12M (230V, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-12M (230V, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-12M (24V, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-12M (24V, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-12M (24V, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-12M (24V, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-12M TS (24V)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-12M TS (24V)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIPLUS NET SCALANCE X308-2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-25754",
    "datePublished": "2022-04-12T09:07:49",
    "dateReserved": "2022-02-22T00:00:00",
    "dateUpdated": "2024-08-03T04:49:43.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-202204-0495

CVE-2022-25754 (GCVE-0-2022-25754)

Tags

Sightings

Nomenclature