Lucene search

[email protected]CVE-2022-26649

HistoryJul 12, 2022 - 10:15 a.m.

CVE-2022-26649

2022-07-1210:15:10

CWE-120

[email protected]

web.nvd.nist.gov

cve-2022-26649

unauthenticated remote attacker

scalance devices

security vulnerability

http get requests

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

9.6 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

JSON

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.

Affected configurations

NVD

Node

siemensscalance_x204-2_firmwareRange<5.2.6

AND

siemensscalance_x204-2Match-

Node

siemensscalance_x204-2fm_firmwareRange<5.2.6

AND

siemensscalance_x204-2fmMatch-

Node

siemensscalance_x204-2ld_firmwareRange<5.2.6

AND

siemensscalance_x204-2ldMatch-

Node

siemensscalance_x204-2ld_ts_firmwareRange<5.2.6

AND

siemensscalance_x204-2ld_tsMatch-

Node

siemensscalance_x204-2ts_firmwareRange<5.2.6

AND

siemensscalance_x204-2tsMatch-

Node

siemensscalance_x206-1_firmwareRange<5.2.6

AND

siemensscalance_x206-1Match-

Node

siemensscalance_x206-1ld_firmwareRange<5.2.6

AND

siemensscalance_x206-1ldMatch-

Node

siemensscalance_x208_firmwareRange<5.2.6

AND

siemensscalance_x208Match-

Node

siemensscalance_x208_pro_firmwareRange<5.2.6

AND

siemensscalance_x208_proMatch-

Node

siemensscalance_x212-2_firmwareRange<5.2.6

AND

siemensscalance_x212-2Match-

Node

siemensscalance_x212-2ld_firmwareRange<5.2.6

AND

siemensscalance_x212-2ldMatch-

Node

siemensscalance_x216_firmwareRange<5.2.6

AND

siemensscalance_x216Match-

Node

siemensscalance_x224_firmwareRange<5.2.6

AND

siemensscalance_x224Match-

Node

siemensscalance_xf204_firmwareRange<5.2.6

AND

siemensscalance_xf204Match-

Node

siemensscalance_xf204-2_firmwareRange<5.2.6

AND

siemensscalance_xf204-2Match-

Node

siemensscalance_xf206-1_firmwareRange<5.2.6

AND

siemensscalance_xf206-1Match-

Node

siemensscalance_xf208_firmwareRange<5.2.6

AND

siemensscalance_xf208Match-

Node

siemensscalance_x200-4p_irt_firmware

AND

siemensscalance_x200-4p_irtMatch-

Node

siemensscalance_x201-3p_irt_firmware

AND

siemensscalance_x201-3p_irtMatch-

Node

siemensscalance_x201-3p_irt_proMatch-

AND

siemensscalance_x201-3p_irt_pro_firmware

Node

siemensscalance_x202-2irtMatch-

AND

siemensscalance_x202-2irt_firmware

Node

siemensscalance_x202-2p_irtMatch-

AND

siemensscalance_x202-2p_irt_firmware

Node

siemensscalance_x202-2p_irt_proMatch-

AND

siemensscalance_x202-2p_irt_pro_firmware

Node

siemensscalance_x204irtMatch-

AND

siemensscalance_x204irt_firmware

Node

siemensscalance_x204irt_proMatch-

AND

siemensscalance_x204irt_pro_firmware

Node

siemensscalance_xf201-3p_irtMatch-

AND

siemensscalance_xf201-3p_irt_firmware

Node

siemensscalance_xf202-2p_irtMatch-

AND

siemensscalance_xf202-2p_irt_firmware

Node

siemensscalance_xf204-2ba_irt_firmware

AND

siemensscalance_xf204-2ba_irtMatch-

Node

siemensscalance_xf204irt_firmware

AND

siemensscalance_xf204irtMatch-

CPENameOperatorVersion
siemens:scalance_x204-2_firmwaresiemens scalance x204-2 firmwarelt5.2.6

CPE	Name	Operator	Version
siemens:scalance_x204-2_firmware	siemens scalance x204-2 firmware	lt	5.2.6

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SCALANCE X200-4P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X201-3P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X201-3P IRT PRO",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X202-2IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X202-2IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X202-2P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X202-2P IRT PRO",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2FM",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2LD",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2LD TS",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204-2TS",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204IRT PRO",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X206-1",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X206-1LD",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X208",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X208PRO",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X212-2",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X212-2LD",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X216",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X224",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF201-3P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF202-2P IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF204",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF204-2",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF204-2BA IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF204IRT",
    "versions": [
      {
        "version": "All versions < V5.5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF206-1",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE XF208",
    "versions": [
      {
        "version": "All versions < V5.2.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf

Social References

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

9.6 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

JSON

Related for CVE-2022-26649

cvelist1 nessus1 prion1 nvd1 ics1