Scalance X300, Scalance X408, Scalance X414 Security Vulnerabilities

Siemens SCALANCE W1750D (Update A)

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Improper Restriction of Operations Within the Bounds of a Memory Buffer, Command Injection, Path Traversal 2. UPDATE INFORMATION This updated...

CISA Releases Twenty-Five Industrial Control Systems Advisories

CISA has released twenty-five (25) Industrial Control Systems (ICS) advisories on October 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...

CVE-2022-40631

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202...

CVE-2022-40631

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202...

CVE-2022-31766

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B)...

CVE-2022-31766

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B)...

CVE-2022-31765

Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their...

Design/Logic Flaw

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B)...

Cross site scripting

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202...

CVE-2022-31766

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B)...

CVE-2022-40631

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202...

CVE-2022-37895

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x:...

CVE-2022-37896

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser....

CVE-2022-37893

An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x:....

CVE-2022-37894

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x:...

CVE-2022-37892

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a...

CVE-2022-37891

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS.....

CVE-2022-37889

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...

CVE-2022-37890

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS.....

CVE-2022-37887

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...

CVE-2022-37885

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...

CVE-2022-37886

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...

CVE-2022-37888

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...

CVE-2013-4652

Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET...

CVE-2013-4652

Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET...

CVE-2013-4651

Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust...

CVE-2013-4651

Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust...

CISA Releases Eleven Industrial Control Systems Advisories

CISA has released eleven (11) Industrial Control Systems (ICS) advisories on September 15, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.5.5)

The version of AOS installed on the remote host is prior to 5.15.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.5.5 advisory. Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.6)

The version of AOS installed on the remote host is prior to 5.15.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.6 advisory. Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.7)

The version of AOS installed on the remote host is prior to 5.15.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.7 advisory. Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.1)

The version of AOS installed on the remote host is prior to 6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.1 advisory. Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0)

The version of AOS installed on the remote host is prior to 6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.0 advisory. Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20)

The version of AOS installed on the remote host is prior to 5.20. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20 advisory. Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:...

Siemens Linux-based Products (Update J)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens Industrial Devices using libcurl (Update B)

EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial devices using libcurl Vulnerabilities: Use After Free 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-132-13 Siemens Industrial Devices using...

Siemens OpenSSL Vulnerabilities in Industrial Products (Update B)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

CVE-2022-36323

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root...

CVE-2022-36324

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the...

CVE-2022-36325

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based...

Siemens SCALANCE products have unspecified vulnerabilities

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks (e.g. GPRS or UMTS) with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission.SCALANCE SC-600 devices....

Siemens SCALANCE product has an unspecified vulnerability (CNVD-2022-56474)

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks (e.g. GPRS or UMTS) with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission.SCALANCE SC-600 devices....

Siemens SCALANCE product command injection vulnerability

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks (e.g. GPRS or UMTS) with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission.SCALANCE SC-600 devices....

Siemens SCALANCE X Switch Devices Buffer Copy Without Checking Size of Input (CVE-2022-26648)

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All...

Siemens SCALANCE X Switch Devices Buffer Copy Without Checking Size of Input (CVE-2022-26649)

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All...

Siemens SCALANCE X Switch Devices Use of Insufficiently Random Values (CVE-2022-26647)

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All...

Siemens VxWorks-based Industrial Products (Update C)

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Wind River VxWorks-based Industrial Products Vulnerability: Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

Siemens SCALANCE X Switch Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens SCALANCE X (Update D)

EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE X Vulnerability: Expected Behavior Violation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-085-01 Siemens SCALANCE X (Update C) that was...

Siemens SCALANCE X Switches has an unspecified vulnerability

A security vulnerability exists in Siemens SCALANCE X Switches, an industrial Ethernet switch product from Siemens, Germany, which could be exploited by a remote, unauthenticated attacker to brute-force session IDs and hijack existing...