CVE-2022-28328

EPSS 0.55%
Published 12.04.2022 09:15:15
Last modified 21.11.2024 06:57:10
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Scalance W1788-2ia M12 Firmware Version < 3.0.0

Siemens ≫ Scalance W1788-2ia M12 Version-

Siemens ≫ Scalance W1788-2 M12 Firmware Version < 3.0.0

Siemens ≫ Scalance W1788-2 M12 Version-

Siemens ≫ Scalance W1788-2 Eec M12 Firmware Version < 3.0.0

Siemens ≫ Scalance W1788-2 Eec M12 Version-

Siemens ≫ Scalance W1788-1 M12 Firmware Version < 3.0.0

Siemens ≫ Scalance W1788-1 M12 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.55%	0.667

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-28328

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-28328

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-28328

EUVD