Details of VAR-202204-0501

ID

VAR-202204-0501

CVE

CVE-2022-25751

TITLE

plural SCALANCE Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-001578

DESCRIPTION

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices. plural SCALANCE The product contains an input verification vulnerability.Denial of service (DoS) It may be put into a state. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). SIPLUS extreme is designed for reliable operation under extreme conditions

Trust: 2.25

sources: NVD: CVE-2022-25751 // JVNDB: JVNDB-2022-001578 // CNVD: CNVD-2022-28486 // VULMON: CVE-2022-25751

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-28486

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance xr324-4m eec	scope:	lt	version:	4.1.4	Trust: 1.6
vendor:	siemens	model:	scalance xr324-4m poe	scope:	lt	version:	4.1.4	Trust: 1.6
vendor:	siemens	model:	scalance xr324-4m poe ts	scope:	lt	version:	4.1.4	Trust: 1.6
vendor:	siemens	model:	scalance xr324-12m	scope:	lt	version:	4.1.4	Trust: 1.6
vendor:	siemens	model:	scalance xr324-12m ts	scope:	lt	version:	4.1.4	Trust: 1.6
vendor:	siemens	model:	scalance x308-2m	scope:	lt	version:	4.1.4	Trust: 1.6
vendor:	siemens	model:	scalance x307-3ld	scope:	lt	version:	4.1.4	Trust: 1.6
vendor:	siemens	model:	scalance x304-2fe	scope:	lt	version:	4.1.4	Trust: 1.6
vendor:	siemens	model:	scalance x310fe	scope:	lt	version:	4.1.4	Trust: 1.6
vendor:	siemens	model:	scalance x308-2m ts	scope:	lt	version:	4.1.4	Trust: 1.6
vendor:	siemens	model:	scalance x308-2ld	scope:	lt	version:	4.1.4	Trust: 1.6
vendor:	siemens	model:	scalance x308-2lh	scope:	lt	version:	4.1.4	Trust: 1.6
vendor:	siemens	model:	scalance x302-7eec	scope:	lt	version:	4.1.4	Trust: 1.0
vendor:	siemens	model:	scalance x308-2	scope:	lt	version:	4.1.4	Trust: 1.0
vendor:	siemens	model:	scalance x307-2eec	scope:	lt	version:	4.1.4	Trust: 1.0
vendor:	siemens	model:	scalance x320-1-2ldfe	scope:	lt	version:	4.1.4	Trust: 1.0
vendor:	siemens	model:	scalance x310	scope:	lt	version:	4.1.4	Trust: 1.0
vendor:	siemens	model:	scalance x408-2	scope:	lt	version:	4.1.4	Trust: 1.0
vendor:	siemens	model:	scalance x306-1ldfe	scope:	lt	version:	4.1.4	Trust: 1.0
vendor:	siemens	model:	scalance x308-2m poe	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x308-2lh\+	scope:	lt	version:	4.1.4	Trust: 1.0
vendor:	siemens	model:	siplus net scalance x308-2	scope:	lt	version:	4.1.4	Trust: 1.0
vendor:	siemens	model:	scalance x320-1fe	scope:	lt	version:	4.1.4	Trust: 1.0
vendor:	siemens	model:	scalance x307-3	scope:	lt	version:	4.1.4	Trust: 1.0
vendor:	シーメンス	model:	scalance x304-2fe	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance x307-3ld	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance x307-3	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance x308-2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance x307-2eec	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance x308-2ld	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance x308-2lh+	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance x308-2lh	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance x306-1ldfe	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance x302-7eec	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance fe	scope:	eq	version:	x320-1<4.1.4	Trust: 0.6
vendor:	siemens	model:	scalance x320-1-2ld fe	scope:	lt	version:	4.1.4	Trust: 0.6
vendor:	siemens	model:	scalance	scope:	eq	version:	x408-2<4.1.4	Trust: 0.6
vendor:	siemens	model:	siplus net scalance	scope:	eq	version:	x308-2<4.1.4	Trust: 0.6
vendor:	siemens	model:	scalance	scope:	eq	version:	x307-3<4.1.4	Trust: 0.6
vendor:	siemens	model:	scalance eec	scope:	eq	version:	x307-2<4.1.4	Trust: 0.6
vendor:	siemens	model:	scalance x306-1ld fe	scope:	lt	version:	4.1.4	Trust: 0.6
vendor:	siemens	model:	scalance eec	scope:	eq	version:	x302-7<4.1.4	Trust: 0.6
vendor:	siemens	model:	scalance	scope:	eq	version:	x310<4.1.4	Trust: 0.6
vendor:	siemens	model:	scalance x308-2m poe	scope:	lt	version:	4.1.4	Trust: 0.6
vendor:	siemens	model:	scalance	scope:	eq	version:	x308-2<4.1.4	Trust: 0.6
vendor:	siemens	model:	scalance x308-2lh+	scope:	lt	version:	4.1.4	Trust: 0.6

sources: CNVD: CNVD-2022-28486 // JVNDB: JVNDB-2022-001578 // NVD: CVE-2022-25751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25751
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-25751
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-28486
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202204-3142
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-25751
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-25751
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-28486
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-25751
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-25751
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-28486 // VULMON: CVE-2022-25751 // JVNDB: JVNDB-2022-001578 // CNNVD: CNNVD-202204-3142 // NVD: CVE-2022-25751

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-001578 // NVD: CVE-2022-25751

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3142

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3142

PATCH

title:	SSA-836527	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf	Trust: 0.8
title:	Patch for Siemens SCALANCE X-300 Switch Family Devices Input Validation Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/329281	Trust: 0.6
title:	Multiple Siemens Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190132	Trust: 0.6

sources: CNVD: CNVD-2022-28486 // JVNDB: JVNDB-2022-001578 // CNNVD: CNNVD-202204-3142

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25751	Trust: 3.9
db:	SIEMENS	id:	SSA-836527	Trust: 2.3
db:	ICS CERT	id:	ICSA-22-104-09	Trust: 1.5
db:	JVN	id:	JVNVU91165555	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-001578	Trust: 0.8
db:	CNVD	id:	CNVD-2022-28486	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3142	Trust: 0.6
db:	VULMON	id:	CVE-2022-25751	Trust: 0.1

sources: CNVD: CNVD-2022-28486 // VULMON: CVE-2022-25751 // JVNDB: JVNDB-2022-001578 // CNNVD: CNNVD-202204-3142 // NVD: CVE-2022-25751

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf	Trust: 2.3
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-09	Trust: 0.9
url:	http://jvn.jp/vu/jvnvu91165555/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25751	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-25751/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-104-09	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-28486 // VULMON: CVE-2022-25751 // JVNDB: JVNDB-2022-001578 // CNNVD: CNNVD-202204-3142 // NVD: CVE-2022-25751

CREDITS

Michael Messner and Abian Blome of Siemens Energy coordinated the disclosure of CVE-2022-25751 and CVE-2022-25756 to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202204-3142

SOURCES

db:	CNVD	id:	CNVD-2022-28486
db:	VULMON	id:	CVE-2022-25751
db:	JVNDB	id:	JVNDB-2022-001578
db:	CNNVD	id:	CNNVD-202204-3142
db:	NVD	id:	CVE-2022-25751

LAST UPDATE DATE

2024-08-14T13:42:55.028000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-28486	date:	2022-04-13T00:00:00
db:	VULMON	id:	CVE-2022-25751	date:	2022-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2022-001578	date:	2022-04-25T08:16:00
db:	CNNVD	id:	CNNVD-202204-3142	date:	2022-04-20T00:00:00
db:	NVD	id:	CVE-2022-25751	date:	2022-04-19T16:39:26.917

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-28486	date:	2022-04-13T00:00:00
db:	VULMON	id:	CVE-2022-25751	date:	2022-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-001578	date:	2022-04-25T00:00:00
db:	CNNVD	id:	CNNVD-202204-3142	date:	2022-04-12T00:00:00
db:	NVD	id:	CVE-2022-25751	date:	2022-04-12T09:15:14.597