CVE-2022-26648

EPSS 0.87%
Published 12.07.2022 10:15:10
Last modified 21.11.2024 06:54:15
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Scalance X204-2 Firmware Version < 5.2.6

Siemens ≫ Scalance X204-2 Version-

Siemens ≫ Scalance X204-2fm Firmware Version < 5.2.6

Siemens ≫ Scalance X204-2fm Version-

Siemens ≫ Scalance X204-2ld Firmware Version < 5.2.6

Siemens ≫ Scalance X204-2ld Version-

Siemens ≫ Scalance X204-2ld Ts Firmware Version < 5.2.6

Siemens ≫ Scalance X204-2ld Ts Version-

Siemens ≫ Scalance X204-2ts Firmware Version < 5.2.6

Siemens ≫ Scalance X204-2ts Version-

Siemens ≫ Scalance X206-1 Firmware Version < 5.2.6

Siemens ≫ Scalance X206-1 Version-

Siemens ≫ Scalance X206-1ld Firmware Version < 5.2.6

Siemens ≫ Scalance X206-1ld Version-

Siemens ≫ Scalance X208 Firmware Version < 5.2.6

Siemens ≫ Scalance X208 Version-

Siemens ≫ Scalance X208 Pro Firmware Version < 5.2.6

Siemens ≫ Scalance X208 Pro Version-

Siemens ≫ Scalance X212-2 Firmware Version < 5.2.6

Siemens ≫ Scalance X212-2 Version-

Siemens ≫ Scalance X212-2ld Firmware Version < 5.2.6

Siemens ≫ Scalance X212-2ld Version-

Siemens ≫ Scalance X216 Firmware Version < 5.2.6

Siemens ≫ Scalance X216 Version-

Siemens ≫ Scalance X224 Firmware Version < 5.2.6

Siemens ≫ Scalance X224 Version-

Siemens ≫ Scalance Xf204 Firmware Version < 5.2.6

Siemens ≫ Scalance Xf204 Version-

Siemens ≫ Scalance Xf204-2 Firmware Version < 5.2.6

Siemens ≫ Scalance Xf204-2 Version-

Siemens ≫ Scalance Xf206-1 Firmware Version < 5.2.6

Siemens ≫ Scalance Xf206-1 Version-

Siemens ≫ Scalance Xf208 Firmware Version < 5.2.6

Siemens ≫ Scalance Xf208 Version-

Siemens ≫ Scalance X200-4p Irt Firmware

Siemens ≫ Scalance X200-4p Irt Version-

Siemens ≫ Scalance X201-3p Irt Firmware

Siemens ≫ Scalance X201-3p Irt Version-

Siemens ≫ Scalance X201-3p Irt Pro Firmware

Siemens ≫ Scalance X201-3p Irt Pro Version-

Siemens ≫ Scalance X202-2irt Firmware

Siemens ≫ Scalance X202-2irt Version-

Siemens ≫ Scalance X202-2p Irt Firmware

Siemens ≫ Scalance X202-2p Irt Version-

Siemens ≫ Scalance X202-2p Irt Pro Firmware

Siemens ≫ Scalance X202-2p Irt Pro Version-

Siemens ≫ Scalance X204irt Firmware

Siemens ≫ Scalance X204irt Version-

Siemens ≫ Scalance X204irt Pro Firmware

Siemens ≫ Scalance X204irt Pro Version-

Siemens ≫ Scalance Xf201-3p Irt Firmware

Siemens ≫ Scalance Xf201-3p Irt Version-

Siemens ≫ Scalance Xf202-2p Irt Firmware

Siemens ≫ Scalance Xf202-2p Irt Version-

Siemens ≫ Scalance Xf204-2ba Irt Firmware

Siemens ≫ Scalance Xf204-2ba Irt Version-

Siemens ≫ Scalance Xf204irt Firmware

Siemens ≫ Scalance Xf204irt Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.87%	0.742

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
productcert@siemens.com	8.2	2.3	5.3	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-26648

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-26648

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-26648

EUVD