ID

VAR-202208-0611


CVE

CVE-2022-36323


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2022-014933

DESCRIPTION

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. SCALANCE M-800 firmware, SCALANCE S615 firmware, SCALANCE SC-600 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions of firewalls to prevent unauthorized access, as well as VPNs to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). A command injection vulnerability exists in Siemens SCALANCE products, which results from an affected device failing to properly filter input fields. A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)

Trust: 2.25

sources: NVD: CVE-2022-36323 // JVNDB: JVNDB-2022-014933 // CNVD: CNVD-2022-56476 // VULMON: CVE-2022-36323

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-56476

AFFECTED PRODUCTS

vendor:siemensmodel:scalance xr552-12m 2hr2scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc206-2g poe eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc224-4c g \scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance w700 ieee 802.11acscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfp g \scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xb216scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr524-8cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xb205-3scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc224scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance sc-600scope:ltversion:2.3.1

Trust: 1.0

vendor:siemensmodel:scalance xb208scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr324-4m poe tsscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr324wgscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr524-8c l3scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfp gscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc216-4c g eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc216-4c g \scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr528-6m l3scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance sc642-2cscope:ltversion:2.3.1

Trust: 1.0

vendor:siemensmodel:scalance sc632-2cscope:ltversion:2.3.1

Trust: 1.0

vendor:siemensmodel:scalance xr324-12m tsscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc-200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr324-4m poescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr528-6mscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xf204-2ba irtscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xm400scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr-300eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc208scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr500scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc216scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xp208 \scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance w700 ieee 802.11nscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xb213-3scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc216eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xm408-8c l3scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xp216scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xp216poe eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr552-12mscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xm416-4c l3scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc208g \scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc224-4c gscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr552scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr-300scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc224-4c g eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr328-4c wgscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc206-2g poescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfp g eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xp208poe eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr526-8cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc216-4c gscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xb-200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xb205-3ldscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance sc636-2cscope:ltversion:2.3.1

Trust: 1.0

vendor:siemensmodel:scalance xc206-2sfp eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xp216 \scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xf204-2ba dnascope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xf-200bascope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr528-6m 2hr2scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc208eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xp208scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xm408-8cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr-300poescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr552-12m 2hr2 l3scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc208g poescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance w700 ieee 802.11axscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xb213-3ldscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc206-2scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xm408-4cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xm408-4c l3scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr326-2c poe wgscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr552-12scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xp208eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr324-12mscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr524scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xp-200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance s615scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xc208g eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr528-6m 2hr2 l3scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xp216eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr324-4m eecscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr528scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance sc622-2cscope:ltversion:2.3.1

Trust: 1.0

vendor:siemensmodel:scalance xc208gscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance sc646-2cscope:ltversion:2.3.1

Trust: 1.0

vendor:siemensmodel:scalance xc216-4cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance m-800scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xm416-4cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr526-8c l3scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr526scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr-300wgscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:scalance sc-646-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xb205-3scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-600scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xc206-2scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xb-200scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance w700 ieee 802.11axscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xb216scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-622-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xc-200scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m-800scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xb213-3ldscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-632-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xb213-3scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-642-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance w700 ieee 802.11acscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance w700 ieee 802.11nscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xb205-3ldscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-636-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance s615scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance xb208scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance m-800 s615scope:eqversion:/

Trust: 0.6

vendor:siemensmodel:scalance sc-600 familyscope:ltversion:v2.3.1

Trust: 0.6

vendor:siemensmodel:scalance w-700 ieee 802.11ax familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:scalance w-700 ieee 802.11n familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:scalance w-1700 ieee 802.11ac familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:scalance xb-200 switch familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:scalance xc-200 switch familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:scalance xf-200ba switch familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:scalance xm-400 familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:scalance xp-200 switch familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:scalance xr-300wg switch familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:scalance xr-500 familyscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-56476 // JVNDB: JVNDB-2022-014933 // NVD: CVE-2022-36323

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2022-36323
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2022-36323
value: HIGH

Trust: 1.0

OTHER: JVNDB-2022-014933
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-56476
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202208-2715
value: CRITICAL

Trust: 0.6

CNVD: CNVD-2022-56476
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2022-36323
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2022-36323
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-014933
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-56476 // JVNDB: JVNDB-2022-014933 // CNNVD: CNNVD-202208-2715 // NVD: CVE-2022-36323 // NVD: CVE-2022-36323

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-014933 // NVD: CVE-2022-36323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2715

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-2715

PATCH

title:Patch for Siemens SCALANCE product command injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/343616

Trust: 0.6

title:Siemens SCALANCE Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=243185

Trust: 0.6

sources: CNVD: CNVD-2022-56476 // CNNVD: CNNVD-202208-2715

EXTERNAL IDS

db:NVDid:CVE-2022-36323

Trust: 3.9

db:SIEMENSid:SSA-710008

Trust: 3.1

db:ICS CERTid:ICSA-22-223-07

Trust: 1.5

db:JVNid:JVNVU90767165

Trust: 0.8

db:JVNDBid:JVNDB-2022-014933

Trust: 0.8

db:CNVDid:CNVD-2022-56476

Trust: 0.6

db:AUSCERTid:ESB-2022.4032

Trust: 0.6

db:CNNVDid:CNNVD-202208-2715

Trust: 0.6

db:VULMONid:CVE-2022-36323

Trust: 0.1

sources: CNVD: CNVD-2022-56476 // VULMON: CVE-2022-36323 // JVNDB: JVNDB-2022-014933 // CNNVD: CNNVD-202208-2715 // NVD: CVE-2022-36323

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf

Trust: 2.5

url:https://jvn.jp/vu/jvnvu90767165/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-36323

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-223-07

Trust: 0.8

url:https://cert-portal.siemens.com/productcert/html/ssa-710008.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4032

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-36323/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-223-07

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/74.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-07

Trust: 0.1

sources: CNVD: CNVD-2022-56476 // VULMON: CVE-2022-36323 // JVNDB: JVNDB-2022-014933 // CNNVD: CNNVD-202208-2715 // NVD: CVE-2022-36323

CREDITS

Siemens has reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202208-2715

SOURCES

db:CNVDid:CNVD-2022-56476
db:VULMONid:CVE-2022-36323
db:JVNDBid:JVNDB-2022-014933
db:CNNVDid:CNNVD-202208-2715
db:NVDid:CVE-2022-36323

LAST UPDATE DATE

2024-08-14T14:17:45.411000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-56476date:2022-08-12T00:00:00
db:VULMONid:CVE-2022-36323date:2022-08-10T00:00:00
db:JVNDBid:JVNDB-2022-014933date:2023-09-22T08:25:00
db:CNNVDid:CNNVD-202208-2715date:2023-06-28T00:00:00
db:NVDid:CVE-2022-36323date:2023-06-27T19:43:45.920

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-56476date:2022-08-12T00:00:00
db:VULMONid:CVE-2022-36323date:2022-08-10T00:00:00
db:JVNDBid:JVNDB-2022-014933date:2023-09-22T00:00:00
db:CNNVDid:CNNVD-202208-2715date:2022-08-10T00:00:00
db:NVDid:CVE-2022-36323date:2022-08-10T12:15:12.863