Lucene search

[email protected]CVE-2022-25752

HistoryApr 12, 2022 - 9:15 a.m.

CVE-2022-25752

2022-04-1209:15:00

CWE-330

[email protected]

web.nvd.nist.gov

cve-2022-25752

scalance

vulnerability

webserver

remote attacker

session hijack

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.4%

JSON

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

CPENameOperatorVersion
siemens:scalance_x302-7eec_firmwaresiemens scalance x302-7eec firmwarelt4.1.4
siemens:scalance_x304-2fe_firmwaresiemens scalance x304-2fe firmwarelt4.1.4
siemens:scalance_x306-1ldfe_firmwaresiemens scalance x306-1ldfe firmwarelt4.1.4
siemens:scalance_x307-2eec_firmwaresiemens scalance x307-2eec firmwarelt4.1.4
siemens:scalance_x307-3_firmwaresiemens scalance x307-3 firmwarelt4.1.4
siemens:scalance_x307-3ld_firmwaresiemens scalance x307-3ld firmwarelt4.1.4
siemens:scalance_x308-2_firmwaresiemens scalance x308-2 firmwarelt4.1.4
siemens:scalance_x308-2ld_firmwaresiemens scalance x308-2ld firmwarelt4.1.4
siemens:scalance_x308-2lh_firmwaresiemens scalance x308-2lh firmwarelt4.1.4
siemens:scalance_x308-2lh\+_firmwaresiemens scalance x308-2lh\+ firmwarelt4.1.4

CPE	Name	Operator	Version
siemens:scalance_x302-7eec_firmware	siemens scalance x302-7eec firmware	lt	4.1.4
siemens:scalance_x304-2fe_firmware	siemens scalance x304-2fe firmware	lt	4.1.4
siemens:scalance_x306-1ldfe_firmware	siemens scalance x306-1ldfe firmware	lt	4.1.4
siemens:scalance_x307-2eec_firmware	siemens scalance x307-2eec firmware	lt	4.1.4
siemens:scalance_x307-3_firmware	siemens scalance x307-3 firmware	lt	4.1.4
siemens:scalance_x307-3ld_firmware	siemens scalance x307-3ld firmware	lt	4.1.4
siemens:scalance_x308-2_firmware	siemens scalance x308-2 firmware	lt	4.1.4
siemens:scalance_x308-2ld_firmware	siemens scalance x308-2ld firmware	lt	4.1.4
siemens:scalance_x308-2lh_firmware	siemens scalance x308-2lh firmware	lt	4.1.4
siemens:scalance_x308-2lh\+_firmware	siemens scalance x308-2lh\+ firmware	lt	4.1.4

Rows per page:

1-10 of 241

References

cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for CVE-2022-25752

nessus1 prion1 cvelist1 ics1