CVE-2022-26648

Summary

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

Affected Software

VendorProductVersion RangeStatus
SiemensSCALANCE X200-4P IRTAll versions < V5.5.2affected
SiemensSCALANCE X201-3P IRTAll versions < V5.5.2affected
SiemensSCALANCE X201-3P IRT PROAll versions < V5.5.2affected
SiemensSCALANCE X202-2IRTAll versions < V5.5.2affected
SiemensSCALANCE X202-2IRTAll versions < V5.5.2affected
SiemensSCALANCE X202-2P IRTAll versions < V5.5.2affected
SiemensSCALANCE X202-2P IRT PROAll versions < V5.5.2affected
SiemensSCALANCE X204-2All versions < V5.2.6affected
SiemensSCALANCE X204-2FMAll versions < V5.2.6affected
SiemensSCALANCE X204-2LDAll versions < V5.2.6affected
SiemensSCALANCE X204-2LD TSAll versions < V5.2.6affected
SiemensSCALANCE X204-2TSAll versions < V5.2.6affected
SiemensSCALANCE X204IRTAll versions < V5.5.2affected
SiemensSCALANCE X204IRTAll versions < V5.5.2affected
SiemensSCALANCE X204IRT PROAll versions < V5.5.2affected
SiemensSCALANCE X206-1All versions < V5.2.6affected
SiemensSCALANCE X206-1LDAll versions < V5.2.6affected
SiemensSCALANCE X208All versions < V5.2.6affected
SiemensSCALANCE X208PROAll versions < V5.2.6affected
SiemensSCALANCE X212-2All versions < V5.2.6affected
SiemensSCALANCE X212-2LDAll versions < V5.2.6affected
SiemensSCALANCE X216All versions < V5.2.6affected
SiemensSCALANCE X224All versions < V5.2.6affected
SiemensSCALANCE XF201-3P IRTAll versions < V5.5.2affected
SiemensSCALANCE XF202-2P IRTAll versions < V5.5.2affected
SiemensSCALANCE XF204All versions < V5.2.6affected
SiemensSCALANCE XF204-2All versions < V5.2.6affected
SiemensSCALANCE XF204-2BA IRTAll versions < V5.5.2affected
SiemensSCALANCE XF204IRTAll versions < V5.5.2affected
SiemensSCALANCE XF206-1All versions < V5.2.6affected
SiemensSCALANCE XF208All versions < V5.2.6affected

Weaknesses

  • CWE-120: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References