CVE-2022-46351 - OpenCVE

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2).

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	6gk5204-0bs00-3pa3 Firmware 6gk5204-0ba00-2kb2 Firmware 6gk5204-0ba00-2kb2 6gk5204-0bs00-3pa3 6gk5204-0ba00-2mb2 6gk5204-0bs00-3la3 6gk5204-0bs00-2na3 Firmware 6gk5204-0ba00-2mb2 Firmware 6gk5204-0bs00-2na3 6gk5204-0bs00-3la3 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:6gk5204-0ba00-2mb2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6gk5204-0ba00-2mb2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:6gk5204-0ba00-2kb2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6gk5204-0ba00-2kb2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:6gk5204-0bs00-2na3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6gk5204-0bs00-2na3:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:6gk5204-0bs00-3la3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6gk5204-0bs00-3la3:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:6gk5204-0bs00-3pa3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6gk5204-0bs00-3pa3:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2022-12-13T00:00:00

Updated: 2022-12-13T00:00:00

Reserved: 2022-11-30T00:00:00

Link: CVE-2022-46351

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-12-13T16:15:25.730

Modified: 2022-12-15T21:05:03.147

Link: CVE-2022-46351

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5204-0ba00-2mb2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "77A54E43-E9A5-49CF-BA3C-E6878C2C713F", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5204-0ba00-2mb2:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF6E5E68-552D-40C1-A4AB-605D0F21688F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5204-0ba00-2kb2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE326B9F-A613-46B5-A20D-BE9D41A80857", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5204-0ba00-2kb2:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B61CA05-D98E-4BD6-BE78-58574B2DE5CA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5204-0bs00-2na3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6FCF31E-22CA-4038-AC27-BAEA752A718D", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5204-0bs00-2na3:-:*:*:*:*:*:*:*", "matchCriteriaId": "28B98E8F-0E32-4BA4-8237-055BDB25C1B3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5204-0bs00-3la3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7EA94F5-1AB0-4BE2-810A-46B840070856", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5204-0bs00-3la3:-:*:*:*:*:*:*:*", "matchCriteriaId": "D92CFF31-E138-49D0-A9FF-A91E7342AEFC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5204-0bs00-3pa3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06CBD11B-3671-425B-89EB-4B9677B3316B", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5204-0bs00-3pa3:-:*:*:*:*:*:*:*", "matchCriteriaId": "1572F77B-98B7-44D9-9DF9-9EC56CD6E571", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2)."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en:\nSCALANCE X204RNA (HSR) (Todas las versiones < V3.2.7), \nSCALANCE X204RNA (PRP) (Todas las versiones < V3.2.7), \nSCALANCE X204RNA EEC (HSR) (Todas las versiones < V3.2.7 ), \nSCALANCE X204RNA EEC (PRP) (todas las versiones < V3.2.7), \nSCALANCE X204RNA EEC (PRP/HSR) (todas las versiones < V3.2.7). \nLos paquetes PROFINET DCP especialmente manipulados podr\u00edan provocar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) de los productos afectados en un segmento Ethernet local (Capa 2)."}], "id": "CVE-2022-46351", "lastModified": "2022-12-15T21:05:03.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-13T16:15:25.730", "references": [{"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "productcert@siemens.com", "type": "Secondary"}]}