ID

VAR-202204-0496


CVE

CVE-2022-25752


TITLE

plural  SCALANCE  Insufficient random value usage vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2022-001597

DESCRIPTION

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions. plural SCALANCE The product is vulnerable to the use of inadequate random values.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). SIPLUS extreme is designed for reliable operation under extreme conditions

Trust: 2.25

sources: NVD: CVE-2022-25752 // JVNDB: JVNDB-2022-001597 // CNVD: CNVD-2022-28485 // VULMON: CVE-2022-25752

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-28485

AFFECTED PRODUCTS

vendor:siemensmodel:scalance xr324-4m eecscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance xr324-4m poescope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance xr324-4m poe tsscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance xr324-12mscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance xr324-12m tsscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x308-2mscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x307-3ldscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x304-2fescope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x310fescope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x308-2m tsscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x308-2ldscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x308-2lhscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x302-7eecscope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x308-2scope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x307-2eecscope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x320-1-2ldfescope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x310scope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x408-2scope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x306-1ldfescope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x308-2m poescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance x308-2lh\+scope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:siplus net scalance x308-2scope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x320-1fescope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x307-3scope:ltversion:4.1.4

Trust: 1.0

vendor:シーメンスmodel:scalance x304-2fescope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x307-3ldscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x307-3scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x308-2scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x307-2eecscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x308-2ldscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x308-2lh+scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x308-2lhscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x306-1ldfescope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x302-7eecscope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance fescope:eqversion:x320-1<4.1.4

Trust: 0.6

vendor:siemensmodel:scalance x320-1-2ld fescope:ltversion:4.1.4

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x408-2<4.1.4

Trust: 0.6

vendor:siemensmodel:siplus net scalancescope:eqversion:x308-2<4.1.4

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x307-3<4.1.4

Trust: 0.6

vendor:siemensmodel:scalance eecscope:eqversion:x307-2<4.1.4

Trust: 0.6

vendor:siemensmodel:scalance x306-1ld fescope:ltversion:4.1.4

Trust: 0.6

vendor:siemensmodel:scalance eecscope:eqversion:x302-7<4.1.4

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x310<4.1.4

Trust: 0.6

vendor:siemensmodel:scalance x308-2m poescope:ltversion:4.1.4

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x308-2<4.1.4

Trust: 0.6

vendor:siemensmodel:scalance x308-2lh+scope:ltversion:4.1.4

Trust: 0.6

sources: CNVD: CNVD-2022-28485 // JVNDB: JVNDB-2022-001597 // NVD: CVE-2022-25752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25752
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-25752
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-28485
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202204-3140
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-25752
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-25752
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-28485
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-25752
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-25752
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-28485 // VULMON: CVE-2022-25752 // JVNDB: JVNDB-2022-001597 // CNNVD: CNNVD-202204-3140 // NVD: CVE-2022-25752

PROBLEMTYPE DATA

problemtype:CWE-330

Trust: 1.0

problemtype:Use of insufficient random values (CWE-330) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-001597 // NVD: CVE-2022-25752

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3140

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-3140

PATCH

title:SSA-836527url:https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf

Trust: 0.8

title:Patch for Unknown Vulnerability in Siemens SCALANCE X-300 Switch Family Devicesurl:https://www.cnvd.org.cn/patchInfo/show/329306

Trust: 0.6

title:Multiple Siemens Repair measures for product security feature vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190130

Trust: 0.6

sources: CNVD: CNVD-2022-28485 // JVNDB: JVNDB-2022-001597 // CNNVD: CNNVD-202204-3140

EXTERNAL IDS

db:NVDid:CVE-2022-25752

Trust: 3.9

db:SIEMENSid:SSA-836527

Trust: 2.3

db:ICS CERTid:ICSA-22-104-09

Trust: 0.9

db:JVNid:JVNVU91165555

Trust: 0.8

db:JVNDBid:JVNDB-2022-001597

Trust: 0.8

db:CNVDid:CNVD-2022-28485

Trust: 0.6

db:CNNVDid:CNNVD-202204-3140

Trust: 0.6

db:VULMONid:CVE-2022-25752

Trust: 0.1

sources: CNVD: CNVD-2022-28485 // VULMON: CVE-2022-25752 // JVNDB: JVNDB-2022-001597 // CNNVD: CNNVD-202204-3140 // NVD: CVE-2022-25752

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf

Trust: 2.3

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-09

Trust: 0.9

url:https://jvn.jp/vu/jvnvu91165555/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-25752

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-25752/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/330.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-28485 // VULMON: CVE-2022-25752 // JVNDB: JVNDB-2022-001597 // CNNVD: CNNVD-202204-3140 // NVD: CVE-2022-25752

SOURCES

db:CNVDid:CNVD-2022-28485
db:VULMONid:CVE-2022-25752
db:JVNDBid:JVNDB-2022-001597
db:CNNVDid:CNNVD-202204-3140
db:NVDid:CVE-2022-25752

LAST UPDATE DATE

2024-08-14T13:42:55.156000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-28485date:2022-04-13T00:00:00
db:VULMONid:CVE-2022-25752date:2022-04-19T00:00:00
db:JVNDBid:JVNDB-2022-001597date:2022-04-26T09:02:00
db:CNNVDid:CNNVD-202204-3140date:2022-04-20T00:00:00
db:NVDid:CVE-2022-25752date:2022-04-19T18:07:50.140

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-28485date:2022-04-13T00:00:00
db:VULMONid:CVE-2022-25752date:2022-04-12T00:00:00
db:JVNDBid:JVNDB-2022-001597date:2022-04-26T00:00:00
db:CNNVDid:CNNVD-202204-3140date:2022-04-12T00:00:00
db:NVDid:CVE-2022-25752date:2022-04-12T09:15:14.650