Lucene search
K

Siemens OpenSSL 3.0 Buffer Overflow (CVE-2022-3602)

🗓️ 09 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 7 Views

OpenSSL 3.0 name constraint overflow may crash or enable remote code execution; fixed in 3.0.7.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for Febuary 2023
10 Mar 202318:29
ibm
IBM Security Bulletins
Security Bulletin: API Connect is impacted by a vulnerability in OpenSSL (CVE-2022-3602, CVE-2022-3786)
8 Dec 202220:16
ibm
IBM Security Bulletins
Security Bulletin: IBM Aspera faspio Gateway affected by OpenSSL vulnerabilities (CVE-2022-3602, CVE-2022-3786)
2 Feb 202316:40
ibm
IBM Security Bulletins
Security Bulletin: IBM Security Verify Privilege On-Premise is affected by multiple security vulnerabilities
5 Oct 202308:12
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM® Db2® Big SQL.
4 Jan 202512:32
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in OpenSSL may affect IBM Spectrum Protect Plus (CVE-2022-3602, CVE-2022-3786)
30 May 202317:46
ibm
IBM Security Bulletins
Security Bulletin: OpenSSL vulnerabilities might impact IBM Cloud Application Business Insights - CVE-2022-3602 & CVE-2022-3786
30 Dec 202215:09
ibm
IBM Security Bulletins
Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.
7 Mar 202309:44
ibm
IBM Security Bulletins
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
12 Jan 202317:22
ibm
IBM Security Bulletins
Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components
7 May 202419:21
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(504891);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/17");

  script_cve_id("CVE-2022-3602");
  script_xref(name:"CEA-ID", value:"CEA-2022-0036");

  script_name(english:"Siemens OpenSSL 3.0 Buffer Overflow (CVE-2022-3602)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. Note that this occurs after
certificate chain signature verification and requires either a CA to
have signed the malicious certificate or for the application to
continue certificate verification despite failure to construct a path
to a trusted issuer. An attacker can craft a malicious email address
to overflow four attacker-controlled bytes on the stack. This buffer
overflow could result in a crash (causing a denial of service) or
potentially remote code execution. Many platforms implement stack
overflow protections which would mitigate against the risk of remote
code execution. The risk may be further mitigated based on stack
layout for any given platform/compiler. Pre-announcements of
CVE-2022-3602 described this issue as CRITICAL. Further analysis based
on some of the mitigating factors described above have led this to be
downgraded to HIGH. Users are still encouraged to upgrade to a new
version as soon as possible. In a TLS client, this can be triggered by
connecting to a malicious server. In a TLS server, this can be
triggered if the server requests client authentication and a malicious
client connects. Fixed in OpenSSL 3.0.7 (Affected
3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-408105.html");
  script_set_attribute(attribute:"see_also", value:"https://support.industry.siemens.com/cs/ww/en/view/109995126/");
  script_set_attribute(attribute:"see_also", value:"https://support.industry.siemens.com/cs/ww/en/view/109821005/");
  script_set_attribute(attribute:"see_also", value:"https://download.industrysoftware.automation.siemens.com/");
  script_set_attribute(attribute:"see_also", value:"https://support.industry.siemens.com/cs/ww/en/view/109763384/");
  # https://www.cisa.gov/news-events/alerts/2022/11/01/openssl-releases-security-update
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ced0b949");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3602");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(120);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/09");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x-200rna_series_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_x-200rna_series_firmware" :
        {"versionEndExcluding" : "3.2.8", "versionStartIncluding" : "3.2.7", "family" : "SCALANCEX200"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Feb 2026 00:00Current
8.5High risk
Vulners AI Score8.5
CVSS 3.17.5
EPSS0.9077
SSVC
7