CVE-2022-26648

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

CVSS v3 8.2 HIGH
CVSS v2.0 7.8 HIGH

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 5.3

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:scalance_x208_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x208_pro:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*

History

11 Apr 2023, 10:15

Type	Values Removed	Values Added
CVSS	v2 : ~~7.8~~ v3 : ~~7.5~~	v2 : 7.8 v3 : 8.2
Summary	A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.	A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

15 Jul 2022, 17:26

Type	Values Removed	Values Added
First Time		Siemens scalance X204-2ld Ts Firmware Siemens scalance X212-2 Siemens scalance X208 Siemens scalance Xf204irt Siemens scalance X201-3p Irt Siemens scalance X216 Siemens scalance X204-2ld Ts Siemens scalance X201-3p Irt Pro Siemens scalance X204irt Siemens scalance X212-2ld Firmware Siemens scalance X208 Pro Siemens scalance Xf202-2p Irt Siemens scalance Xf201-3p Irt Firmware Siemens scalance X204-2ts Siemens scalance X202-2irt Firmware Siemens scalance Xf204-2 Firmware Siemens scalance X202-2irt Siemens scalance Xf204-2ba Irt Siemens scalance Xf204irt Firmware Siemens scalance Xf204-2ba Irt Firmware Siemens scalance X212-2 Firmware Siemens scalance X204-2ld Siemens scalance Xf204-2 Siemens scalance X202-2p Irt Firmware Siemens scalance X206-1 Firmware Siemens scalance X204irt Pro Siemens scalance X200-4p Irt Siemens scalance X204irt Firmware Siemens scalance Xf208 Firmware Siemens scalance Xf202-2p Irt Firmware Siemens scalance X224 Siemens scalance Xf204 Siemens scalance X202-2p Irt Siemens scalance X204-2ld Firmware Siemens scalance X208 Firmware Siemens scalance X201-3p Irt Firmware Siemens scalance X206-1ld Siemens Siemens scalance X206-1 Siemens scalance X204-2ts Firmware Siemens scalance X206-1ld Firmware Siemens scalance X204-2fm Siemens scalance Xf208 Siemens scalance X212-2ld Siemens scalance Xf204 Firmware Siemens scalance X204irt Pro Firmware Siemens scalance X200-4p Irt Firmware Siemens scalance Xf201-3p Irt Siemens scalance X204-2fm Firmware Siemens scalance X204-2 Firmware Siemens scalance X208 Pro Firmware Siemens scalance Xf206-1 Firmware Siemens scalance X204-2 Siemens scalance X202-2p Irt Pro Siemens scalance X202-2p Irt Pro Firmware Siemens scalance X216 Firmware Siemens scalance Xf206-1 Siemens scalance X201-3p Irt Pro Firmware Siemens scalance X224 Firmware
CPE		cpe:2.3:h:siemens:scalance_xf206-1:-:::::::* cpe:2.3:o:siemens:scalance_x202-2irt_firmware:::::::: cpe:2.3:h:siemens:scalance_x208:-:::::::* cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:::::::: cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:::::::* cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:::::::* cpe:2.3:h:siemens:scalance_x200-4p_irt:-:::::::* cpe:2.3:o:siemens:scalance_x212-2_firmware:::::::: cpe:2.3:o:siemens:scalance_x204-2fm_firmware:::::::: cpe:2.3:o:siemens:scalance_x206-1ld_firmware:::::::: cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:::::::* cpe:2.3:h:siemens:scalance_x212-2:-:::::::* cpe:2.3:h:siemens:scalance_x204irt_pro:-:::::::* cpe:2.3:o:siemens:scalance_xf208_firmware:::::::: cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:::::::: cpe:2.3:h:siemens:scalance_xf204irt:-:::::::* cpe:2.3:h:siemens:scalance_x212-2ld:-:::::::* cpe:2.3:h:siemens:scalance_x202-2p_irt:-:::::::* cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:::::::: cpe:2.3:h:siemens:scalance_x204-2ts:-:::::::* cpe:2.3:h:siemens:scalance_x204-2:-:::::::* cpe:2.3:o:siemens:scalance_x204-2ld_firmware:::::::: cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:::::::: cpe:2.3:o:siemens:scalance_x224_firmware:::::::: cpe:2.3:o:siemens:scalance_x212-2ld_firmware:::::::: cpe:2.3:o:siemens:scalance_x216_firmware:::::::: cpe:2.3:h:siemens:scalance_xf208:-:::::::* cpe:2.3:h:siemens:scalance_x206-1ld:-:::::::* cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:::::::: cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:::::::* cpe:2.3:h:siemens:scalance_x216:-:::::::* cpe:2.3:h:siemens:scalance_x208_pro:-:::::::* cpe:2.3:o:siemens:scalance_x206-1_firmware:::::::: cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:::::::* cpe:2.3:o:siemens:scalance_x204irt_firmware:::::::: cpe:2.3:h:siemens:scalance_x204-2ld:-:::::::* cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:::::::: cpe:2.3:h:siemens:scalance_xf204-2:-:::::::* cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:::::::: cpe:2.3:o:siemens:scalance_xf206-1_firmware:::::::: cpe:2.3:h:siemens:scalance_x206-1:-:::::::* cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:::::::: cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:::::::* cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:::::::: cpe:2.3:h:siemens:scalance_x204irt:-:::::::* cpe:2.3:h:siemens:scalance_x201-3p_irt:-:::::::* cpe:2.3:o:siemens:scalance_xf204_firmware:::::::: cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:::::::: cpe:2.3:o:siemens:scalance_x204-2_firmware:::::::: cpe:2.3:h:siemens:scalance_x224:-:::::::* cpe:2.3:o:siemens:scalance_xf204-2_firmware:::::::: cpe:2.3:h:siemens:scalance_xf204:-:::::::* cpe:2.3:h:siemens:scalance_x202-2irt:-:::::::* cpe:2.3:h:siemens:scalance_x204-2fm:-:::::::* cpe:2.3:o:siemens:scalance_xf204irt_firmware:::::::: cpe:2.3:o:siemens:scalance_x208_pro_firmware:::::::: cpe:2.3:o:siemens:scalance_x204-2ts_firmware:::::::: cpe:2.3:o:siemens:scalance_x208_firmware::::::::
References	~~(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf -~~	(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf - Patch, Vendor Advisory
CWE		CWE-120
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.8 v3 : 7.5

12 Jul 2022, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-12 10:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-26648

Mitre link : CVE-2022-26648

CVE.ORG link : CVE-2022-26648

JSON object : View

Products Affected

siemens

scalance_x202-2p_irt_pro
scalance_xf204
scalance_x204-2_firmware
scalance_x204-2ts
scalance_x216_firmware
scalance_x204-2ld_firmware
scalance_x204irt
scalance_xf201-3p_irt
scalance_x204-2fm_firmware
scalance_xf206-1
scalance_xf202-2p_irt_firmware
scalance_x212-2ld_firmware
scalance_x204-2
scalance_x204-2fm
scalance_x200-4p_irt
scalance_xf208_firmware
scalance_xf201-3p_irt_firmware
scalance_x204-2ld
scalance_x201-3p_irt_pro
scalance_xf202-2p_irt
scalance_x208_firmware
scalance_xf204irt_firmware
scalance_x202-2irt_firmware
scalance_xf204irt
scalance_x202-2p_irt
scalance_xf204-2ba_irt_firmware
scalance_x224
scalance_x204-2ld_ts_firmware
scalance_x208
scalance_x212-2
scalance_x202-2p_irt_firmware
scalance_x212-2_firmware
scalance_xf206-1_firmware
scalance_x202-2irt
scalance_x204irt_pro_firmware
scalance_x224_firmware
scalance_x216
scalance_x204-2ts_firmware
scalance_x204irt_pro
scalance_x206-1_firmware
scalance_x204-2ld_ts
scalance_x201-3p_irt_pro_firmware
scalance_xf204-2ba_irt
scalance_x204irt_firmware
scalance_xf204_firmware
scalance_x200-4p_irt_firmware
scalance_xf204-2_firmware
scalance_xf208
scalance_x201-3p_irt_firmware
scalance_x208_pro
scalance_x212-2ld
scalance_xf204-2
scalance_x206-1ld
scalance_x208_pro_firmware
scalance_x206-1ld_firmware
scalance_x206-1
scalance_x201-3p_irt
scalance_x202-2p_irt_pro_firmware

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

8.2 /10