CVE-2022-25754 - OpenCVE

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Scalance X308-2lh Firmware Scalance X320-1fe Scalance X308-2ld Scalance X307-3 Scalance Xr324-4m Eec Scalance Xr324-4m Poe Scalance X307-3ld Firmware Scalance X307-3 Firmware Scalance X308-2m Poe Firmware Scalance X307-2eec Firmware Siplus Net Scalance X308-2 Firmware Scalance X304-2fe Scalance X310 Firmware Scalance X310fe Scalance Xr324-4m Poe Firmware Scalance Xr324-4m Poe Ts Scalance X307-2eec Scalance X308-2ld Firmware Scalance X310 Scalance X308-2lh Scalance X308-2m Ts Scalance X302-7eec Scalance X308-2m Scalance X308-2 Firmware Scalance Xr324-4m Eec Firmware Scalance X308-2m Poe Scalance Xr324-12m Firmware Scalance X308-2 Scalance Xr324-12m Scalance X320-1-2ldfe Scalance X307-3ld Scalance X320-1-2ldfe Firmware Scalance X306-1ldfe Firmware Scalance X306-1ldfe Scalance X408-2 Firmware Scalance Xr324-4m Poe Ts Firmware Scalance Xr324-12m Ts Firmware Scalance X310fe Firmware Scalance Xr324-12m Ts Scalance X308-2lh\+ Scalance X302-7eec Firmware Scalance X320-1fe Firmware Scalance X408-2 Scalance X308-2m Ts Firmware Siplus Net Scalance X308-2 Scalance X304-2fe Firmware Scalance X308-2lh\+ Firmware Scalance X308-2m Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:scalance_x302-7eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x302-7eec:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:scalance_x304-2fe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x304-2fe:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:scalance_x306-1ldfe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x306-1ldfe:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:scalance_x307-2eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x307-2eec:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:siemens:scalance_x308-2lh\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2lh\+:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:siemens:scalance_x308-2m_poe_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2m_poe:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:siemens:scalance_x320-1-2ldfe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x320-1-2ldfe:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:siemens:siplus_net_scalance_x308-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:siplus_net_scalance_x308-2:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf	Mitigation Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2022-04-12T09:07:49

Updated: 2022-04-12T09:07:49

Reserved: 2022-02-22T00:00:00

Link: CVE-2022-25754

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-12T09:15:14.747

Modified: 2022-04-19T18:09:34.047

Link: CVE-2022-25754

JSON object: View

Redhat Information

No data.

CWE

CWE-352