Lucene search

[email protected]CVE-2022-26334

HistoryApr 12, 2022 - 9:15 a.m.

CVE-2022-26334

2022-04-1209:15:00

CWE-120

[email protected]

web.nvd.nist.gov

cve-2022-26334

scalance

vulnerability

unvalidated get parameter

remote attacker

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

54.8%

JSON

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

CPENameOperatorVersion
siemens:scalance_x302-7eec_firmwaresiemens scalance x302-7eec firmwarelt4.1.4
siemens:scalance_x304-2fe_firmwaresiemens scalance x304-2fe firmwarelt4.1.4
siemens:scalance_x306-1ldfe_firmwaresiemens scalance x306-1ldfe firmwarelt4.1.4
siemens:scalance_x307-2eec_firmwaresiemens scalance x307-2eec firmwarelt4.1.4
siemens:scalance_x307-3_firmwaresiemens scalance x307-3 firmwarelt4.1.4
siemens:scalance_x307-3ld_firmwaresiemens scalance x307-3ld firmwarelt4.1.4
siemens:scalance_x308-2_firmwaresiemens scalance x308-2 firmwarelt4.1.4
siemens:scalance_x308-2ld_firmwaresiemens scalance x308-2ld firmwarelt4.1.4
siemens:scalance_x308-2lh_firmwaresiemens scalance x308-2lh firmwarelt4.1.4
siemens:scalance_x308-2lh\+_firmwaresiemens scalance x308-2lh\+ firmwarelt4.1.4

CPE	Name	Operator	Version
siemens:scalance_x302-7eec_firmware	siemens scalance x302-7eec firmware	lt	4.1.4
siemens:scalance_x304-2fe_firmware	siemens scalance x304-2fe firmware	lt	4.1.4
siemens:scalance_x306-1ldfe_firmware	siemens scalance x306-1ldfe firmware	lt	4.1.4
siemens:scalance_x307-2eec_firmware	siemens scalance x307-2eec firmware	lt	4.1.4
siemens:scalance_x307-3_firmware	siemens scalance x307-3 firmware	lt	4.1.4
siemens:scalance_x307-3ld_firmware	siemens scalance x307-3ld firmware	lt	4.1.4
siemens:scalance_x308-2_firmware	siemens scalance x308-2 firmware	lt	4.1.4
siemens:scalance_x308-2ld_firmware	siemens scalance x308-2ld firmware	lt	4.1.4
siemens:scalance_x308-2lh_firmware	siemens scalance x308-2lh firmware	lt	4.1.4
siemens:scalance_x308-2lh\+_firmware	siemens scalance x308-2lh\+ firmware	lt	4.1.4

Rows per page:

1-10 of 241

References

cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for CVE-2022-26334

prion1 nessus1 cvelist1 ics1