Details of VAR-202208-0611

ID

VAR-202208-0611

CVE

CVE-2022-36323

TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2022-014933

DESCRIPTION

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. SCALANCE M-800 firmware, SCALANCE S615 firmware, SCALANCE SC-600 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions of firewalls to prevent unauthorized access, as well as VPNs to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). A command injection vulnerability exists in Siemens SCALANCE products, which results from an affected device failing to properly filter input fields. A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)

Trust: 2.25

sources: NVD: CVE-2022-36323 // JVNDB: JVNDB-2022-014933 // CNVD: CNVD-2022-56476 // VULMON: CVE-2022-36323

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-56476

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance xr552-12m 2hr2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2g poe eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc224-4c g \	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w700 ieee 802.11ac	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp g \	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xb216	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr524-8c	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xb205-3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc224	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance sc-600	scope:	lt	version:	2.3.1	Trust: 1.0
vendor:	siemens	model:	scalance xb208	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr324-4m poe ts	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr324wg	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr524-8c l3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp g	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c g eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c g \	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr528-6m l3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance sc642-2c	scope:	lt	version:	2.3.1	Trust: 1.0
vendor:	siemens	model:	scalance sc632-2c	scope:	lt	version:	2.3.1	Trust: 1.0
vendor:	siemens	model:	scalance xr324-12m ts	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc-200	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr324-4m poe	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr528-6m	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf204-2ba irt	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xm400	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr-300eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc208	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr500	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc216	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xp208 \	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w700 ieee 802.11n	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xb213-3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc216eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xm408-8c l3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xp216	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xp216poe eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr552-12m	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xm416-4c l3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc208g \	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc224-4c g	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr552	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr-300	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc224-4c g eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr328-4c wg	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2g poe	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp g eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xp208poe eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr526-8c	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c g	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xb-200	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xb205-3ld	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance sc636-2c	scope:	lt	version:	2.3.1	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2sfp eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xp216 \	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf204-2ba dna	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xf-200ba	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr528-6m 2hr2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc208eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xp208	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xm408-8c	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr-300poe	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr552-12m 2hr2 l3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc208g poe	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance w700 ieee 802.11ax	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xb213-3ld	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc206-2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xm408-4c	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xm408-4c l3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr326-2c poe wg	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr552-12	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xp208eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr324-12m	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr524	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xp-200	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance s615	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xc208g eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr528-6m 2hr2 l3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xp216eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr324-4m eec	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr528	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance sc622-2c	scope:	lt	version:	2.3.1	Trust: 1.0
vendor:	siemens	model:	scalance xc208g	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance sc646-2c	scope:	lt	version:	2.3.1	Trust: 1.0
vendor:	siemens	model:	scalance xc216-4c	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance m-800	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xm416-4c	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr526-8c l3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr526	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance xr-300wg	scope:	eq	version:	*	Trust: 1.0
vendor:	シーメンス	model:	scalance sc-646-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance xb205-3	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-600	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance xc206-2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance xb-200	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance w700 ieee 802.11ax	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance xb216	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-622-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance xc-200	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m-800	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance xb213-3ld	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-632-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance xb213-3	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-642-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance w700 ieee 802.11ac	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance w700 ieee 802.11n	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance xb205-3ld	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-636-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance s615	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance xb208	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance m-800 s615	scope:	eq	version:	/	Trust: 0.6
vendor:	siemens	model:	scalance sc-600 family	scope:	lt	version:	v2.3.1	Trust: 0.6
vendor:	siemens	model:	scalance w-700 ieee 802.11ax family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance w-700 ieee 802.11n family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance w-1700 ieee 802.11ac family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance xb-200 switch family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance xc-200 switch family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance xf-200ba switch family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance xm-400 family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance xp-200 switch family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance xr-300wg switch family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance xr-500 family	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-56476 // JVNDB: JVNDB-2022-014933 // NVD: CVE-2022-36323

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2022-36323
value:	CRITICAL
Trust: 1.0
nvd@nist.gov:	CVE-2022-36323
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2022-014933
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2022-56476
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202208-2715
value:	CRITICAL
Trust: 0.6

CNVD:	CNVD-2022-56476
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2022-36323
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.3
impactScore:	6.0
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2022-36323
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2022-014933
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-56476 // JVNDB: JVNDB-2022-014933 // CNNVD: CNNVD-202208-2715 // NVD: CVE-2022-36323 // NVD: CVE-2022-36323

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-74	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-014933 // NVD: CVE-2022-36323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2715

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-2715

PATCH

title:	Patch for Siemens SCALANCE product command injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/343616	Trust: 0.6
title:	Siemens SCALANCE Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=243185	Trust: 0.6

sources: CNVD: CNVD-2022-56476 // CNNVD: CNNVD-202208-2715

EXTERNAL IDS

db:	NVD	id:	CVE-2022-36323	Trust: 3.9
db:	SIEMENS	id:	SSA-710008	Trust: 3.1
db:	ICS CERT	id:	ICSA-22-223-07	Trust: 1.5
db:	JVN	id:	JVNVU90767165	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-014933	Trust: 0.8
db:	CNVD	id:	CNVD-2022-56476	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4032	Trust: 0.6
db:	CNNVD	id:	CNNVD-202208-2715	Trust: 0.6
db:	VULMON	id:	CVE-2022-36323	Trust: 0.1

sources: CNVD: CNVD-2022-56476 // VULMON: CVE-2022-36323 // JVNDB: JVNDB-2022-014933 // CNNVD: CNNVD-202208-2715 // NVD: CVE-2022-36323

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu90767165/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-36323	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-223-07	Trust: 0.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-710008.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4032	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-36323/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-223-07	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/74.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-07	Trust: 0.1

sources: CNVD: CNVD-2022-56476 // VULMON: CVE-2022-36323 // JVNDB: JVNDB-2022-014933 // CNNVD: CNNVD-202208-2715 // NVD: CVE-2022-36323

CREDITS

Siemens has reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202208-2715

SOURCES

db:	CNVD	id:	CNVD-2022-56476
db:	VULMON	id:	CVE-2022-36323
db:	JVNDB	id:	JVNDB-2022-014933
db:	CNNVD	id:	CNNVD-202208-2715
db:	NVD	id:	CVE-2022-36323

LAST UPDATE DATE

2024-08-14T14:17:45.411000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-56476	date:	2022-08-12T00:00:00
db:	VULMON	id:	CVE-2022-36323	date:	2022-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-014933	date:	2023-09-22T08:25:00
db:	CNNVD	id:	CNNVD-202208-2715	date:	2023-06-28T00:00:00
db:	NVD	id:	CVE-2022-36323	date:	2023-06-27T19:43:45.920

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-56476	date:	2022-08-12T00:00:00
db:	VULMON	id:	CVE-2022-36323	date:	2022-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-014933	date:	2023-09-22T00:00:00
db:	CNNVD	id:	CNNVD-202208-2715	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-36323	date:	2022-08-10T12:15:12.863