CVE-2022-25753
Summary
| CVE | CVE-2022-25753 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-12 09:15:00 UTC |
| Updated | 2022-04-19 18:11:00 UTC |
| Description | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Siemens | Scalance X302-7eec | - | All | All | All |
| Operating System | Siemens | Scalance X302-7eec Firmware | All | All | All | All |
| Hardware | Siemens | Scalance X304-2fe | - | All | All | All |
| Operating System | Siemens | Scalance X304-2fe Firmware | All | All | All | All |
| Hardware | Siemens | Scalance X306-1ldfe | - | All | All | All |
| Operating System | Siemens | Scalance X306-1ldfe Firmware | All | All | All | All |
| Hardware | Siemens | Scalance X307-2eec | - | All | All | All |
| Operating System | Siemens | Scalance X307-2eec Firmware | All | All | All | All |
| Hardware | Siemens | Scalance X307-3 | - | All | All | All |
| Hardware | Siemens | Scalance X307-3ld | - | All | All | All |
| Operating System | Siemens | Scalance X307-3ld Firmware | All | All | All | All |
| Operating System | Siemens | Scalance X307-3 Firmware | All | All | All | All |
| Hardware | Siemens | Scalance X308-2 | - | All | All | All |
| Hardware | Siemens | Scalance X308-2ld | - | All | All | All |
| Operating System | Siemens | Scalance X308-2ld Firmware | All | All | All | All |
| Hardware | Siemens | Scalance X308-2lh | - | All | All | All |
| Hardware | Siemens | Scalance X308-2lh | - | All | All | All |
| Operating System | Siemens | Scalance X308-2lh Firmware | All | All | All | All |
| Operating System | Siemens | Scalance X308-2lh Firmware | All | All | All | All |
| Hardware | Siemens | Scalance X308-2m | - | All | All | All |
| Operating System | Siemens | Scalance X308-2m Firmware | All | All | All | All |
| Hardware | Siemens | Scalance X308-2m Poe | - | All | All | All |
| Operating System | Siemens | Scalance X308-2m Poe Firmware | - | All | All | All |
| Hardware | Siemens | Scalance X308-2m Ts | - | All | All | All |
| Operating System | Siemens | Scalance X308-2m Ts Firmware | All | All | All | All |
| Operating System | Siemens | Scalance X308-2 Firmware | All | All | All | All |
| Hardware | Siemens | Scalance X310 | - | All | All | All |
| Hardware | Siemens | Scalance X310fe | - | All | All | All |
| Operating System | Siemens | Scalance X310fe Firmware | All | All | All | All |
| Operating System | Siemens | Scalance X310 Firmware | All | All | All | All |
| Hardware | Siemens | Scalance X320-1-2ldfe | - | All | All | All |
| Operating System | Siemens | Scalance X320-1-2ldfe Firmware | All | All | All | All |
| Hardware | Siemens | Scalance X320-1fe | - | All | All | All |
| Operating System | Siemens | Scalance X320-1fe Firmware | All | All | All | All |
| Hardware | Siemens | Scalance X408-2 | - | All | All | All |
| Operating System | Siemens | Scalance X408-2 Firmware | All | All | All | All |
| Hardware | Siemens | Scalance Xr324-12m | - | All | All | All |
| Operating System | Siemens | Scalance Xr324-12m Firmware | All | All | All | All |
| Hardware | Siemens | Scalance Xr324-12m Ts | - | All | All | All |
| Operating System | Siemens | Scalance Xr324-12m Ts Firmware | All | All | All | All |
| Hardware | Siemens | Scalance Xr324-4m Eec | - | All | All | All |
| Operating System | Siemens | Scalance Xr324-4m Eec Firmware | All | All | All | All |
| Hardware | Siemens | Scalance Xr324-4m Poe | - | All | All | All |
| Operating System | Siemens | Scalance Xr324-4m Poe Firmware | All | All | All | All |
| Hardware | Siemens | Scalance Xr324-4m Poe Ts | - | All | All | All |
| Operating System | Siemens | Scalance Xr324-4m Poe Ts Firmware | All | All | All | All |
| Hardware | Siemens | Siplus Net Scalance X308-2 | - | All | All | All |
| Operating System | Siemens | Siplus Net Scalance X308-2 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| N/A | CONFIRM | cert-portal.siemens.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 591034 Siemens SCALANCE X-300 Switches Multiple Vulnerabilities (SSA-836527) (ICSA-22-104-09)