Versio.io

CVE-2022-25754

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 12-04-2022 11:15
Last modified: - 19-04-2022 08:09
Total changes: - 2

Description

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
None
Privileges required
Unchanged
Scope
Required
User interaction
8.8
Base score
2.8
5.9
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=siemens AND product=scalance_x302-7eec_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x302-7eec AND version=-
AND
OR
vendor=siemens AND product=scalance_x304-2fe_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x304-2fe AND version=-
AND
OR
vendor=siemens AND product=scalance_x306-1ldfe_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x306-1ldfe AND version=-
AND
OR
vendor=siemens AND product=scalance_x307-2eec_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x307-2eec AND version=-
AND
OR
vendor=siemens AND product=scalance_x307-3_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x307-3 AND version=-
AND
OR
vendor=siemens AND product=scalance_x307-3ld_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x307-3ld AND version=-
AND
OR
vendor=siemens AND product=scalance_x308-2_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x308-2 AND version=-
AND
OR
vendor=siemens AND product=scalance_x308-2ld_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x308-2ld AND version=-
AND
OR
vendor=siemens AND product=scalance_x308-2lh_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x308-2lh AND version=-
AND
OR
vendor=siemens AND product=scalance_x308-2lh\+_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x308-2lh\+ AND version=-
AND
OR
vendor=siemens AND product=scalance_x308-2m_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x308-2m AND version=-
AND
OR
vendor=siemens AND product=scalance_x308-2m_poe_firmware AND version=-
OR
vendor=siemens AND product=scalance_x308-2m_poe AND version=-
AND
OR
vendor=siemens AND product=scalance_x308-2m_ts_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x308-2m_ts AND version=-
AND
OR
vendor=siemens AND product=scalance_x310_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x310 AND version=-
AND
OR
vendor=siemens AND product=scalance_x310fe_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x310fe AND version=-
AND
OR
vendor=siemens AND product=scalance_x320-1fe_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x320-1fe AND version=-
AND
OR
vendor=siemens AND product=scalance_x320-1-2ldfe_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x320-1-2ldfe AND version=-
AND
OR
vendor=siemens AND product=scalance_x408-2_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_x408-2 AND version=-
AND
OR
vendor=siemens AND product=scalance_xr324-4m_eec_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_xr324-4m_eec AND version=-
AND
OR
vendor=siemens AND product=scalance_xr324-4m_poe_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_xr324-4m_poe AND version=-
AND
OR
vendor=siemens AND product=scalance_xr324-4m_poe_ts_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_xr324-4m_poe_ts AND version=-
AND
OR
vendor=siemens AND product=scalance_xr324-12m_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_xr324-12m AND version=-
AND
OR
vendor=siemens AND product=scalance_xr324-12m_ts_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=scalance_xr324-12m_ts AND version=-
AND
OR
vendor=siemens AND product=siplus_net_scalance_x308-2_firmware AND versionEndExcluding=4.1.4
OR
vendor=siemens AND product=siplus_net_scalance_x308-2 AND version=-
 

Reference

  • N/A-Mitigation, Patch, Vendor Advisory
 


Keywords

NVD

 

CVE-2022-25754

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.