Lucene search

[email protected]CVE-2022-26648

HistoryJul 12, 2022 - 10:15 a.m.

CVE-2022-26648

2022-07-1210:15:10

CWE-120

[email protected]

web.nvd.nist.gov

scalance

vulnerability

unauthenticated

remote attacker

http validation

nvd

cve-2022-26648

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.2 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

Affected configurations

NVD

Node

siemensscalance_x204-2_firmwareRange<5.2.6

AND

siemensscalance_x204-2Match-

Node

siemensscalance_x204-2fm_firmwareRange<5.2.6

AND

siemensscalance_x204-2fmMatch-

Node

siemensscalance_x204-2ld_firmwareRange<5.2.6

AND

siemensscalance_x204-2ldMatch-

Node

siemensscalance_x204-2ld_ts_firmwareRange<5.2.6

AND

siemensscalance_x204-2ld_tsMatch-

Node

siemensscalance_x204-2ts_firmwareRange<5.2.6

AND

siemensscalance_x204-2tsMatch-

Node

siemensscalance_x206-1_firmwareRange<5.2.6

AND

siemensscalance_x206-1Match-

Node

siemensscalance_x206-1ld_firmwareRange<5.2.6

AND

siemensscalance_x206-1ldMatch-

Node

siemensscalance_x208_firmwareRange<5.2.6

AND

siemensscalance_x208Match-

Node

siemensscalance_x208_pro_firmwareRange<5.2.6

AND

siemensscalance_x208_proMatch-

Node

siemensscalance_x212-2_firmwareRange<5.2.6

AND

siemensscalance_x212-2Match-

Node

siemensscalance_x212-2ld_firmwareRange<5.2.6

AND

siemensscalance_x212-2ldMatch-

Node

siemensscalance_x216_firmwareRange<5.2.6

AND

siemensscalance_x216Match-

Node

siemensscalance_x224_firmwareRange<5.2.6

AND

siemensscalance_x224Match-

Node

siemensscalance_xf204_firmwareRange<5.2.6

AND

siemensscalance_xf204Match-

Node

siemensscalance_xf204-2_firmwareRange<5.2.6

AND

siemensscalance_xf204-2Match-

Node

siemensscalance_xf206-1_firmwareRange<5.2.6

AND

siemensscalance_xf206-1Match-

Node

siemensscalance_xf208_firmwareRange<5.2.6

AND

siemensscalance_xf208Match-

Node

siemensscalance_x200-4p_irt_firmware

AND

siemensscalance_x200-4p_irtMatch-

Node

siemensscalance_x201-3p_irt_firmware

AND

siemensscalance_x201-3p_irtMatch-

Node

siemensscalance_x201-3p_irt_pro_firmware

AND

siemensscalance_x201-3p_irt_proMatch-

Node

siemensscalance_x202-2irt_firmware

AND

siemensscalance_x202-2irtMatch-

Node

siemensscalance_x202-2p_irt_firmware

AND

siemensscalance_x202-2p_irtMatch-

Node

siemensscalance_x202-2p_irt_pro_firmware

AND

siemensscalance_x202-2p_irt_proMatch-

Node

siemensscalance_x204irt_firmware

AND

siemensscalance_x204irtMatch-

Node

siemensscalance_x204irt_pro_firmware

AND

siemensscalance_x204irt_proMatch-

Node

siemensscalance_xf201-3p_irt_firmware

AND

siemensscalance_xf201-3p_irtMatch-

Node

siemensscalance_xf202-2p_irt_firmware

AND

siemensscalance_xf202-2p_irtMatch-

Node

siemensscalance_xf204-2ba_irt_firmware

AND

siemensscalance_xf204-2ba_irtMatch-

Node

siemensscalance_xf204irt_firmware

AND

siemensscalance_xf204irtMatch-

CPENameOperatorVersion
siemens:scalance_x204-2_firmwaresiemens scalance x204-2 firmwarelt5.2.6

CPE	Name	Operator	Version
siemens:scalance_x204-2_firmware	siemens scalance x204-2 firmware	lt	5.2.6

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SCALANCE X200-4P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X201-3P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X201-3P IRT PRO",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X202-2IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X202-2IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X202-2P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X202-2P IRT PRO",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2FM",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2LD",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2LD TS",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2TS",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204IRT PRO",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X206-1",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X206-1LD",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X208",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X208PRO",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X212-2",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X212-2LD",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X216",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X224",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF201-3P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF202-2P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF204",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF204-2",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF204-2BA IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF204IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF206-1",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF208",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf

Social References

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.2 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

Related for CVE-2022-26648

cvelist1 nessus1 prion1 nvd1 ics1