CVE-2022-26649

Severity Score

9.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.

Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X200-4P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT (Todas las versiones), SCALANCE X201-3P IRT PRO (Todas las versiones) SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X202-2P IRT PRO (Todas las versiones), SCALANCE X204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE X204-2FM (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2LD TS (Todas las versiones anteriores a V5.2.6), SCALANCE X204-2TS (Todas las versiones anteriores a V5.2. 6), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X204IRT PRO (Todas las versiones), SCALANCE X206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE X206-1LD (Todas las versiones anteriores a V5. 2.6), SCALANCE X208 (Todas las versiones anteriores a V5.2.6), SCALANCE X208PRO (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2 (Todas las versiones anteriores a V5.2.6), SCALANCE X212-2LD (Todas las versiones anteriores a V5.2.6), SCALANCE X216 (Todas las versiones anteriores a V5. 2.6), SCALANCE X224 (Todas las versiones anteriores a V5.2.6), SCALANCE XF201-3P IRT (Todas las versiones), SCALANCE XF202-2P IRT (Todas las versiones), SCALANCE XF204 (Todas las versiones anteriores a V5.2.6), SCALANCE XF204-2 (Todas las versiones anteriores a V5. 2.6), SCALANCE XF204-2BA IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF204IRT (Todas las versiones), SCALANCE XF206-1 (Todas las versiones anteriores a V5.2.6), SCALANCE XF208 (Todas las versiones anteriores a V5.2.6). Los dispositivos afectados no comprueban correctamente el URI de las peticiones HTTP GET entrantes. Esto podría permitir a un atacante remoto no autenticado bloquear los dispositivos afectados

*Credits: N/A

CVSS Scores

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-03-07 CVE Reserved
2022-07-12 CVE Published
2024-08-03 CVE Updated
2024-10-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf	2023-04-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"	Scalance X204-2 Firmware Search vendor "Siemens" for product "Scalance X204-2 Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X204-2 Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X204-2 Search vendor "Siemens" for product "Scalance X204-2"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X204-2fm Firmware Search vendor "Siemens" for product "Scalance X204-2fm Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X204-2fm Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X204-2fm Search vendor "Siemens" for product "Scalance X204-2fm"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X204-2ld Firmware Search vendor "Siemens" for product "Scalance X204-2ld Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X204-2ld Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X204-2ld Search vendor "Siemens" for product "Scalance X204-2ld"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X204-2ld Ts Firmware Search vendor "Siemens" for product "Scalance X204-2ld Ts Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X204-2ld Ts Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X204-2ld Ts Search vendor "Siemens" for product "Scalance X204-2ld Ts"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X204-2ts Firmware Search vendor "Siemens" for product "Scalance X204-2ts Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X204-2ts Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X204-2ts Search vendor "Siemens" for product "Scalance X204-2ts"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X206-1 Firmware Search vendor "Siemens" for product "Scalance X206-1 Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X206-1 Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X206-1 Search vendor "Siemens" for product "Scalance X206-1"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X206-1ld Firmware Search vendor "Siemens" for product "Scalance X206-1ld Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X206-1ld Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X206-1ld Search vendor "Siemens" for product "Scalance X206-1ld"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X208 Firmware Search vendor "Siemens" for product "Scalance X208 Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X208 Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X208 Search vendor "Siemens" for product "Scalance X208"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X208 Pro Firmware Search vendor "Siemens" for product "Scalance X208 Pro Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X208 Pro Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X208 Pro Search vendor "Siemens" for product "Scalance X208 Pro"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X212-2 Firmware Search vendor "Siemens" for product "Scalance X212-2 Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X212-2 Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X212-2 Search vendor "Siemens" for product "Scalance X212-2"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X212-2ld Firmware Search vendor "Siemens" for product "Scalance X212-2ld Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X212-2ld Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X212-2ld Search vendor "Siemens" for product "Scalance X212-2ld"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X216 Firmware Search vendor "Siemens" for product "Scalance X216 Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X216 Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X216 Search vendor "Siemens" for product "Scalance X216"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X224 Firmware Search vendor "Siemens" for product "Scalance X224 Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance X224 Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X224 Search vendor "Siemens" for product "Scalance X224"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xf204 Firmware Search vendor "Siemens" for product "Scalance Xf204 Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance Xf204 Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xf204 Search vendor "Siemens" for product "Scalance Xf204"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xf204-2 Firmware Search vendor "Siemens" for product "Scalance Xf204-2 Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance Xf204-2 Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xf204-2 Search vendor "Siemens" for product "Scalance Xf204-2"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xf206-1 Firmware Search vendor "Siemens" for product "Scalance Xf206-1 Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance Xf206-1 Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xf206-1 Search vendor "Siemens" for product "Scalance Xf206-1"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xf208 Firmware Search vendor "Siemens" for product "Scalance Xf208 Firmware"	< 5.2.6 Search vendor "Siemens" for product "Scalance Xf208 Firmware" and version " < 5.2.6"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xf208 Search vendor "Siemens" for product "Scalance Xf208"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X200-4p Irt Firmware Search vendor "Siemens" for product "Scalance X200-4p Irt Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X200-4p Irt Search vendor "Siemens" for product "Scalance X200-4p Irt"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X201-3p Irt Firmware Search vendor "Siemens" for product "Scalance X201-3p Irt Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X201-3p Irt Search vendor "Siemens" for product "Scalance X201-3p Irt"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X201-3p Irt Pro Firmware Search vendor "Siemens" for product "Scalance X201-3p Irt Pro Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X201-3p Irt Pro Search vendor "Siemens" for product "Scalance X201-3p Irt Pro"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X202-2irt Firmware Search vendor "Siemens" for product "Scalance X202-2irt Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X202-2irt Search vendor "Siemens" for product "Scalance X202-2irt"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X202-2p Irt Firmware Search vendor "Siemens" for product "Scalance X202-2p Irt Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X202-2p Irt Search vendor "Siemens" for product "Scalance X202-2p Irt"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X202-2p Irt Pro Firmware Search vendor "Siemens" for product "Scalance X202-2p Irt Pro Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X202-2p Irt Pro Search vendor "Siemens" for product "Scalance X202-2p Irt Pro"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X204irt Firmware Search vendor "Siemens" for product "Scalance X204irt Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X204irt Search vendor "Siemens" for product "Scalance X204irt"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X204irt Pro Firmware Search vendor "Siemens" for product "Scalance X204irt Pro Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X204irt Pro Search vendor "Siemens" for product "Scalance X204irt Pro"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xf201-3p Irt Firmware Search vendor "Siemens" for product "Scalance Xf201-3p Irt Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xf201-3p Irt Search vendor "Siemens" for product "Scalance Xf201-3p Irt"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xf202-2p Irt Firmware Search vendor "Siemens" for product "Scalance Xf202-2p Irt Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xf202-2p Irt Search vendor "Siemens" for product "Scalance Xf202-2p Irt"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xf204-2ba Irt Firmware Search vendor "Siemens" for product "Scalance Xf204-2ba Irt Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xf204-2ba Irt Search vendor "Siemens" for product "Scalance Xf204-2ba Irt"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xf204irt Firmware Search vendor "Siemens" for product "Scalance Xf204irt Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xf204irt Search vendor "Siemens" for product "Scalance Xf204irt"	-	-	Safe