CVE-2022-25751

EPSS 3.26%
Published 12.04.2022 09:15:14
Last modified 21.11.2024 06:52:55
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Scalance X302-7eec Firmware Version < 4.1.4

Siemens ≫ Scalance X302-7eec Version-

Siemens ≫ Scalance X304-2fe Firmware Version < 4.1.4

Siemens ≫ Scalance X304-2fe Version-

Siemens ≫ Scalance X306-1ldfe Firmware Version < 4.1.4

Siemens ≫ Scalance X306-1ldfe Version-

Siemens ≫ Scalance X307-2eec Firmware Version < 4.1.4

Siemens ≫ Scalance X307-2eec Version-

Siemens ≫ Scalance X307-3 Firmware Version < 4.1.4

Siemens ≫ Scalance X307-3 Version-

Siemens ≫ Scalance X307-3ld Firmware Version < 4.1.4

Siemens ≫ Scalance X307-3ld Version-

Siemens ≫ Scalance X308-2 Firmware Version < 4.1.4

Siemens ≫ Scalance X308-2 Version-

Siemens ≫ Scalance X308-2ld Firmware Version < 4.1.4

Siemens ≫ Scalance X308-2ld Version-

Siemens ≫ Scalance X308-2lh Firmware Version < 4.1.4

Siemens ≫ Scalance X308-2lh Version-

Siemens ≫ Scalance X308-2lh+ Firmware Version < 4.1.4

Siemens ≫ Scalance X308-2lh+ Version-

Siemens ≫ Scalance X308-2m Firmware Version < 4.1.4

Siemens ≫ Scalance X308-2m Version-

Siemens ≫ Scalance X308-2m Poe Firmware Version-

Siemens ≫ Scalance X308-2m Poe Version-

Siemens ≫ Scalance X308-2m Ts Firmware Version < 4.1.4

Siemens ≫ Scalance X308-2m Ts Version-

Siemens ≫ Scalance X310 Firmware Version < 4.1.4

Siemens ≫ Scalance X310 Version-

Siemens ≫ Scalance X310fe Firmware Version < 4.1.4

Siemens ≫ Scalance X310fe Version-

Siemens ≫ Scalance X320-1fe Firmware Version < 4.1.4

Siemens ≫ Scalance X320-1fe Version-

Siemens ≫ Scalance X320-1-2ldfe Firmware Version < 4.1.4

Siemens ≫ Scalance X320-1-2ldfe Version-

Siemens ≫ Scalance X408-2 Firmware Version < 4.1.4

Siemens ≫ Scalance X408-2 Version-

Siemens ≫ Scalance Xr324-4m Eec Firmware Version < 4.1.4

Siemens ≫ Scalance Xr324-4m Eec Version-

Siemens ≫ Scalance Xr324-4m Poe Firmware Version < 4.1.4

Siemens ≫ Scalance Xr324-4m Poe Version-

Siemens ≫ Scalance Xr324-4m Poe Ts Firmware Version < 4.1.4

Siemens ≫ Scalance Xr324-4m Poe Ts Version-

Siemens ≫ Scalance Xr324-12m Firmware Version < 4.1.4

Siemens ≫ Scalance Xr324-12m Version-

Siemens ≫ Scalance Xr324-12m Ts Firmware Version < 4.1.4

Siemens ≫ Scalance Xr324-12m Ts Version-

Siemens ≫ Siplus Net Scalance X308-2 Firmware Version < 4.1.4

Siemens ≫ Siplus Net Scalance X308-2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.26%	0.864

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf

Patch

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-25751

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-25751

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-25751

EUVD