Lucene search

SiemensCVE-2022-26647

HistoryJul 12, 2022 - 10:15 a.m.

CVE-2022-26647

2022-07-1210:15:10

CWE-330

siemens

web.nvd.nist.gov

cve

2022

26647

vulnerability

scalance

webserver

session hijacking

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

Affected configurations

Nvd

Node

siemensscalance_x200-4p_irtMatch-

AND

siemensscalance_x200-4p_irt_firmware

Node

siemensscalance_x201-3p_irtMatch-

AND

siemensscalance_x201-3p_irt_firmware

Node

siemensscalance_x201-3p_irt_proMatch-

AND

siemensscalance_x201-3p_irt_pro_firmware

Node

siemensscalance_x202-2irtMatch-

AND

siemensscalance_x202-2irt_firmware

Node

siemensscalance_x202-2p_irtMatch-

AND

siemensscalance_x202-2p_irt_firmware

Node

siemensscalance_x202-2p_irt_proMatch-

AND

siemensscalance_x202-2p_irt_pro_firmware

Node

siemensscalance_x204-2Match-

AND

siemensscalance_x204-2_firmwareRange<5.2.6

Node

siemensscalance_x204-2fmMatch-

AND

siemensscalance_x204-2fm_firmwareRange<5.2.6

Node

siemensscalance_x204-2ld_firmwareRange<5.2.6

AND

siemensscalance_x204-2ldMatch-

Node

siemensscalance_x204-2ld_ts_firmwareRange<5.2.6

AND

siemensscalance_x204-2ld_tsMatch-

Node

siemensscalance_x204-2ts_firmwareRange<5.2.6

AND

siemensscalance_x204-2tsMatch-

Node

siemensscalance_x204irt_firmware

AND

siemensscalance_x204irtMatch-

Node

siemensscalance_x204irt_pro_firmware

AND

siemensscalance_x204irt_proMatch-

Node

siemensscalance_x206-1_firmwareRange<5.2.6

AND

siemensscalance_x206-1Match-

Node

siemensscalance_x206-1ld_firmwareRange<5.2.6

AND

siemensscalance_x206-1ldMatch-

Node

siemensscalance_x208_firmwareRange<5.2.6

AND

siemensscalance_x208Match-

Node

siemensscalance_x208_pro_firmwareRange<5.2.6

AND

siemensscalance_x208_proMatch-

Node

siemensscalance_x212-2_firmwareRange<5.2.6

AND

siemensscalance_x212-2Match-

Node

siemensscalance_x212-2ld_firmwareRange<5.2.6

AND

siemensscalance_x212-2ldMatch-

Node

siemensscalance_x216_firmwareRange<5.2.6

AND

siemensscalance_x216Match-

Node

siemensscalance_x224_firmwareRange<5.2.6

AND

siemensscalance_x224Match-

Node

siemensscalance_xf201-3p_irt_firmware

AND

siemensscalance_xf201-3p_irtMatch-

Node

siemensscalance_xf202-2p_irt_firmware

AND

siemensscalance_xf202-2p_irtMatch-

Node

siemensscalance_xf204_firmwareRange<5.2.6

AND

siemensscalance_xf204Match-

Node

siemensscalance_xf204-2_firmwareRange<5.2.6

AND

siemensscalance_xf204-2Match-

Node

siemensscalance_xf204-2ba_irt_firmware

AND

siemensscalance_xf204-2ba_irtMatch-

Node

siemensscalance_xf204irt_firmware

AND

siemensscalance_xf204irtMatch-

Node

siemensscalance_xf206-1_firmwareRange<5.2.6

AND

siemensscalance_xf206-1Match-

Node

siemensscalance_xf208_firmwareRange<5.2.6

AND

siemensscalance_xf208Match-

VendorProductVersionCPE
siemensscalance_x200-4p_irt-cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*
siemensscalance_x200-4p_irt_firmware*cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*
siemensscalance_x201-3p_irt-cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*
siemensscalance_x201-3p_irt_firmware*cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*
siemensscalance_x201-3p_irt_pro-cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*
siemensscalance_x201-3p_irt_pro_firmware*cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*
siemensscalance_x202-2irt-cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*
siemensscalance_x202-2irt_firmware*cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*
siemensscalance_x202-2p_irt-cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*
siemensscalance_x202-2p_irt_firmware*cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	scalance_x200-4p_irt	-	cpe:2.3:h:siemens:scalance_x200-4p_irt:-:::::::*
siemens	scalance_x200-4p_irt_firmware	*	cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware::::::::
siemens	scalance_x201-3p_irt	-	cpe:2.3:h:siemens:scalance_x201-3p_irt:-:::::::*
siemens	scalance_x201-3p_irt_firmware	*	cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware::::::::
siemens	scalance_x201-3p_irt_pro	-	cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:::::::*
siemens	scalance_x201-3p_irt_pro_firmware	*	cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware::::::::
siemens	scalance_x202-2irt	-	cpe:2.3:h:siemens:scalance_x202-2irt:-:::::::*
siemens	scalance_x202-2irt_firmware	*	cpe:2.3:o:siemens:scalance_x202-2irt_firmware::::::::
siemens	scalance_x202-2p_irt	-	cpe:2.3:h:siemens:scalance_x202-2p_irt:-:::::::*
siemens	scalance_x202-2p_irt_firmware	*	cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware::::::::

Rows per page:

1-10 of 581

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SCALANCE X200-4P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X201-3P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X201-3P IRT PRO",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X202-2IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X202-2IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X202-2P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X202-2P IRT PRO",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2FM",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2LD",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2LD TS",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2TS",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204IRT PRO",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X206-1",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X206-1LD",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X208",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X208PRO",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X212-2",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X212-2LD",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X216",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X224",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF201-3P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF202-2P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF204",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF204-2",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF204-2BA IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF204IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF206-1",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF208",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf

Social References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

Related for CVE-2022-26647