← Back

CVE-2022-25753

nvd nist
Published: Apr 12, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device.

Affected (24)

Siemens
23 products
Scalance X302 7eec Firmware
Scalance X304 2fe Firmware
Scalance X306 1ldfe Firmware
Scalance X307 2eec Firmware
Scalance X307 3 Firmware
Scalance X307 3ld Firmware
Scalance X308 2 Firmware
Scalance X308 2ld Firmware
Scalance X308 2lh+ Firmware
Scalance X308 2m Firmware
Scalance X308 2m Poe Firmware
Scalance X308 2m Ts Firmware
Scalance X310 Firmware
Scalance X310fe Firmware
Scalance X320 1fe Firmware
Scalance X320 1 2ldfe Firmware
Scalance X408 2 Firmware
Scalance Xr324 4m Eec Firmware
Scalance Xr324 4m Poe Firmware
Scalance Xr324 4m Poe Ts Firmware
Scalance Xr324 12m Firmware
Scalance Xr324 12m Ts Firmware
Siplus Net Scalance X308 2 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X302 7eec Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X302 7eec
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X304 2fe Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X304 2fe
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X306 1ldfe Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X306 1ldfe
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X307 2eec Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X307 2eec
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X307 3 Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X307 3
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X307 3ld Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X307 3ld
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X308 2 Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X308 2
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X308 2ld Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X308 2ld
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X308 2lh Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X308 2lh
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X308 2lh+ Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X308 2lh+
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X308 2m Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X308 2m
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X308 2m Poe Firmware
All versions
Running on/withPlatform Versions
Siemens
Scalance X308 2m Poe
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X308 2m Ts Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X308 2m Ts
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X310 Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X310
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X310fe Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X310fe
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X320 1fe Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X320 1fe
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X320 1 2ldfe Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X320 1 2ldfe
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance X408 2 Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance X408 2
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance Xr324 4m Eec Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance Xr324 4m Eec
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance Xr324 4m Poe Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance Xr324 4m Poe
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance Xr324 4m Poe Ts Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance Xr324 4m Poe Ts
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance Xr324 12m Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance Xr324 12m
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scalance Xr324 12m Ts Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Scalance Xr324 12m Ts
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siplus Net Scalance X308 2 Firmware
Before 4.1.4
Running on/withPlatform Versions
Siemens
Siplus Net Scalance X308 2
All versions

Related CWEs

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

Source: productcert@siemens.com
MitigationPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationPatchVendor Advisory

Timeline

No history available yet.