ID

VAR-202204-0501


CVE

CVE-2022-25751


TITLE

plural  SCALANCE  Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-001578

DESCRIPTION

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices. plural SCALANCE The product contains an input verification vulnerability.Denial of service (DoS) It may be put into a state. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). SIPLUS extreme is designed for reliable operation under extreme conditions

Trust: 2.25

sources: NVD: CVE-2022-25751 // JVNDB: JVNDB-2022-001578 // CNVD: CNVD-2022-28486 // VULMON: CVE-2022-25751

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-28486

AFFECTED PRODUCTS

vendor:siemensmodel:scalance xr324-4m eecscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance xr324-4m poescope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance xr324-4m poe tsscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance xr324-12mscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance xr324-12m tsscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x308-2mscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x307-3ldscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x304-2fescope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x310fescope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x308-2m tsscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x308-2ldscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x308-2lhscope:ltversion:4.1.4

Trust: 1.6

vendor:siemensmodel:scalance x302-7eecscope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x308-2scope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x307-2eecscope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x320-1-2ldfescope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x310scope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x408-2scope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x306-1ldfescope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x308-2m poescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance x308-2lh\+scope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:siplus net scalance x308-2scope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x320-1fescope:ltversion:4.1.4

Trust: 1.0

vendor:siemensmodel:scalance x307-3scope:ltversion:4.1.4

Trust: 1.0

vendor:シーメンスmodel:scalance x304-2fescope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x307-3ldscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x307-3scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x308-2scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x307-2eecscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x308-2ldscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x308-2lh+scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x308-2lhscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x306-1ldfescope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance x302-7eecscope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance fescope:eqversion:x320-1<4.1.4

Trust: 0.6

vendor:siemensmodel:scalance x320-1-2ld fescope:ltversion:4.1.4

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x408-2<4.1.4

Trust: 0.6

vendor:siemensmodel:siplus net scalancescope:eqversion:x308-2<4.1.4

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x307-3<4.1.4

Trust: 0.6

vendor:siemensmodel:scalance eecscope:eqversion:x307-2<4.1.4

Trust: 0.6

vendor:siemensmodel:scalance x306-1ld fescope:ltversion:4.1.4

Trust: 0.6

vendor:siemensmodel:scalance eecscope:eqversion:x302-7<4.1.4

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x310<4.1.4

Trust: 0.6

vendor:siemensmodel:scalance x308-2m poescope:ltversion:4.1.4

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x308-2<4.1.4

Trust: 0.6

vendor:siemensmodel:scalance x308-2lh+scope:ltversion:4.1.4

Trust: 0.6

sources: CNVD: CNVD-2022-28486 // JVNDB: JVNDB-2022-001578 // NVD: CVE-2022-25751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25751
value: HIGH

Trust: 1.0

NVD: CVE-2022-25751
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-28486
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202204-3142
value: HIGH

Trust: 0.6

VULMON: CVE-2022-25751
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-25751
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-28486
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-25751
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-25751
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-28486 // VULMON: CVE-2022-25751 // JVNDB: JVNDB-2022-001578 // CNNVD: CNNVD-202204-3142 // NVD: CVE-2022-25751

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-001578 // NVD: CVE-2022-25751

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3142

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3142

PATCH

title:SSA-836527url:https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf

Trust: 0.8

title:Patch for Siemens SCALANCE X-300 Switch Family Devices Input Validation Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/329281

Trust: 0.6

title:Multiple Siemens Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190132

Trust: 0.6

sources: CNVD: CNVD-2022-28486 // JVNDB: JVNDB-2022-001578 // CNNVD: CNNVD-202204-3142

EXTERNAL IDS

db:NVDid:CVE-2022-25751

Trust: 3.9

db:SIEMENSid:SSA-836527

Trust: 2.3

db:ICS CERTid:ICSA-22-104-09

Trust: 1.5

db:JVNid:JVNVU91165555

Trust: 0.8

db:JVNDBid:JVNDB-2022-001578

Trust: 0.8

db:CNVDid:CNVD-2022-28486

Trust: 0.6

db:CNNVDid:CNNVD-202204-3142

Trust: 0.6

db:VULMONid:CVE-2022-25751

Trust: 0.1

sources: CNVD: CNVD-2022-28486 // VULMON: CVE-2022-25751 // JVNDB: JVNDB-2022-001578 // CNNVD: CNNVD-202204-3142 // NVD: CVE-2022-25751

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf

Trust: 2.3

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-09

Trust: 0.9

url:http://jvn.jp/vu/jvnvu91165555/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-25751

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-25751/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-104-09

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-28486 // VULMON: CVE-2022-25751 // JVNDB: JVNDB-2022-001578 // CNNVD: CNNVD-202204-3142 // NVD: CVE-2022-25751

CREDITS

Michael Messner and Abian Blome of Siemens Energy coordinated the disclosure of CVE-2022-25751 and CVE-2022-25756 to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202204-3142

SOURCES

db:CNVDid:CNVD-2022-28486
db:VULMONid:CVE-2022-25751
db:JVNDBid:JVNDB-2022-001578
db:CNNVDid:CNNVD-202204-3142
db:NVDid:CVE-2022-25751

LAST UPDATE DATE

2024-08-14T13:42:55.028000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-28486date:2022-04-13T00:00:00
db:VULMONid:CVE-2022-25751date:2022-04-19T00:00:00
db:JVNDBid:JVNDB-2022-001578date:2022-04-25T08:16:00
db:CNNVDid:CNNVD-202204-3142date:2022-04-20T00:00:00
db:NVDid:CVE-2022-25751date:2022-04-19T16:39:26.917

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-28486date:2022-04-13T00:00:00
db:VULMONid:CVE-2022-25751date:2022-04-12T00:00:00
db:JVNDBid:JVNDB-2022-001578date:2022-04-25T00:00:00
db:CNNVDid:CNNVD-202204-3142date:2022-04-12T00:00:00
db:NVDid:CVE-2022-25751date:2022-04-12T09:15:14.597