CVE-2022-26648
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD (Secondary)
Description
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.
Affected (29)
Products: Siemens: Scalance X204 2 Firmware, Scalance X204 2fm Firmware, Scalance X204 2ld Firmware, Scalance X204 2ld Ts Firmware, Scalance X204 2ts Firmware, Scalance X206 1 Firmware, Scalance X206 1ld Firmware, Scalance X208 Firmware, Scalance X208 Pro Firmware, Scalance X212 2 Firmware, Scalance X212 2ld Firmware, Scalance X216 Firmware, Scalance X224 Firmware, Scalance Xf204 Firmware, Scalance Xf204 2 Firmware, Scalance Xf206 1 Firmware, Scalance Xf208 Firmware, Scalance X200 4p Irt Firmware, Scalance X201 3p Irt Firmware, Scalance X201 3p Irt Pro Firmware, Scalance X202 2irt Firmware, Scalance X202 2p Irt Firmware, Scalance X202 2p Irt Pro Firmware, Scalance X204irt Firmware, Scalance X204irt Pro Firmware, Scalance Xf201 3p Irt Firmware, Scalance Xf202 2p Irt Firmware, Scalance Xf204 2ba Irt Firmware, Scalance Xf204irt Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X204 2 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X204 2fm | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X204 2ld | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X204 2ld Ts | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X204 2ts | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X206 1 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X206 1ld | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X208 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X208 Pro | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X212 2 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X212 2ld | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X216 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X224 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf204 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf204 2 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf206 1 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.6 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf208 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X200 4p Irt | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X201 3p Irt | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X201 3p Irt Pro | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X202 2irt | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X202 2p Irt | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X202 2p Irt Pro | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X204irt | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X204irt Pro | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf201 3p Irt | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf202 2p Irt | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf204 2ba Irt | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf204irt | All versions |
References (2)
Source: productcert@siemens.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline
No history available yet.