CVE-2022-28328

EPSS 0.55%
Veröffentlicht 12.04.2022 09:15:15
Zuletzt bearbeitet 21.11.2024 06:57:10
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Scalance W1788-2ia M12 Firmware Version < 3.0.0

Siemens ≫ Scalance W1788-2ia M12 Version-

Siemens ≫ Scalance W1788-2 M12 Firmware Version < 3.0.0

Siemens ≫ Scalance W1788-2 M12 Version-

Siemens ≫ Scalance W1788-2 Eec M12 Firmware Version < 3.0.0

Siemens ≫ Scalance W1788-2 Eec M12 Version-

Siemens ≫ Scalance W1788-1 M12 Firmware Version < 3.0.0

Siemens ≫ Scalance W1788-1 M12 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.55%	0.667

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-28328

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-28328

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-28328

EUVD