Search criteria

8 vulnerabilities found for scalance_x208_pro_firmware by siemens

CVE-2022-26649 (GCVE-0-2022-26649)

Vulnerability from nvd – Published: 2022-07-12 10:06 – Updated: 2025-04-21 13:51
VLAI?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.
Severity ?
9.6 (Critical)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Vendor Product Version
Siemens SCALANCE X200-4P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X201-3P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X201-3P IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2P IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2FM Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2LD TS Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2TS Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X206-1 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X206-1LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X208 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X208PRO Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X212-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X212-2LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X216 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X224 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF201-3P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF202-2P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF204 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF204-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF204-2BA IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF206-1 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF208 Affected: All versions < V5.2.6
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:43.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26649",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T15:23:07.279089Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T13:51:58.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X200-4P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2FM",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X216",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X224",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T09:02:21.918Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-26649",
    "datePublished": "2022-07-12T10:06:35.000Z",
    "dateReserved": "2022-03-07T00:00:00.000Z",
    "dateUpdated": "2025-04-21T13:51:58.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-26648 (GCVE-0-2022-26648)

Vulnerability from nvd – Published: 2022-07-12 10:06 – Updated: 2025-04-21 13:52
VLAI?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.
Severity ?
8.2 (High)
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H/E:P/RL:O/RC:C
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Vendor Product Version
Siemens SCALANCE X200-4P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X201-3P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X201-3P IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2P IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2FM Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2LD TS Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2TS Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X206-1 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X206-1LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X208 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X208PRO Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X212-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X212-2LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X216 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X224 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF201-3P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF202-2P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF204 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF204-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF204-2BA IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF206-1 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF208 Affected: All versions < V5.2.6
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:43.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26648",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T15:15:25.029715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T13:52:07.405Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X200-4P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2FM",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X216",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X224",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T09:02:20.560Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-26648",
    "datePublished": "2022-07-12T10:06:34.000Z",
    "dateReserved": "2022-03-07T00:00:00.000Z",
    "dateUpdated": "2025-04-21T13:52:07.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-26647 (GCVE-0-2022-26647)

Vulnerability from nvd – Published: 2022-07-12 10:06 – Updated: 2025-04-21 13:52
VLAI?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE
  • CWE-330 - Use of Insufficiently Random Values
Assigner
References
Impacted products
Vendor Product Version
Siemens SCALANCE X200-4P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X201-3P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X201-3P IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2P IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2FM Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2LD TS Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2TS Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X206-1 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X206-1LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X208 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X208PRO Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X212-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X212-2LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X216 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X224 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF201-3P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF202-2P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF204 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF204-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF204-2BA IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF206-1 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF208 Affected: All versions < V5.2.6
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:43.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26647",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T15:23:11.211353Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T13:52:17.065Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X200-4P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2FM",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X216",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X224",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-330",
              "description": "CWE-330: Use of Insufficiently Random Values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T09:02:19.204Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-26647",
    "datePublished": "2022-07-12T10:06:32.000Z",
    "dateReserved": "2022-03-07T00:00:00.000Z",
    "dateUpdated": "2025-04-21T13:52:17.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29998 (GCVE-0-2021-29998)

Vulnerability from nvd – Published: 2021-04-13 16:16 – Updated: 2024-08-03 22:24
VLAI?
Summary
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support2.windriver.com/index.php?page=security-notices"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-12T10:06:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support2.windriver.com/index.php?page=security-notices"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-29998",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support2.windriver.com/index.php?page=security-notices",
              "refsource": "MISC",
              "url": "https://support2.windriver.com/index.php?page=security-notices"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-29998",
    "datePublished": "2021-04-13T16:16:51",
    "dateReserved": "2021-04-02T00:00:00",
    "dateUpdated": "2024-08-03T22:24:59.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-26649 (GCVE-0-2022-26649)

Vulnerability from cvelistv5 – Published: 2022-07-12 10:06 – Updated: 2025-04-21 13:51
VLAI?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.
Severity ?
9.6 (Critical)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Vendor Product Version
Siemens SCALANCE X200-4P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X201-3P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X201-3P IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2P IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2FM Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2LD TS Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2TS Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X206-1 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X206-1LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X208 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X208PRO Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X212-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X212-2LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X216 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X224 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF201-3P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF202-2P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF204 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF204-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF204-2BA IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF206-1 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF208 Affected: All versions < V5.2.6
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:43.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26649",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T15:23:07.279089Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T13:51:58.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X200-4P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2FM",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X216",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X224",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T09:02:21.918Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-26649",
    "datePublished": "2022-07-12T10:06:35.000Z",
    "dateReserved": "2022-03-07T00:00:00.000Z",
    "dateUpdated": "2025-04-21T13:51:58.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-26648 (GCVE-0-2022-26648)

Vulnerability from cvelistv5 – Published: 2022-07-12 10:06 – Updated: 2025-04-21 13:52
VLAI?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.
Severity ?
8.2 (High)
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H/E:P/RL:O/RC:C
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Vendor Product Version
Siemens SCALANCE X200-4P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X201-3P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X201-3P IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2P IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2FM Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2LD TS Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2TS Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X206-1 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X206-1LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X208 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X208PRO Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X212-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X212-2LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X216 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X224 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF201-3P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF202-2P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF204 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF204-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF204-2BA IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF206-1 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF208 Affected: All versions < V5.2.6
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:43.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26648",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T15:15:25.029715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T13:52:07.405Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X200-4P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2FM",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X216",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X224",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T09:02:20.560Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-26648",
    "datePublished": "2022-07-12T10:06:34.000Z",
    "dateReserved": "2022-03-07T00:00:00.000Z",
    "dateUpdated": "2025-04-21T13:52:07.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-26647 (GCVE-0-2022-26647)

Vulnerability from cvelistv5 – Published: 2022-07-12 10:06 – Updated: 2025-04-21 13:52
VLAI?
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE
  • CWE-330 - Use of Insufficiently Random Values
Assigner
References
Impacted products
Vendor Product Version
Siemens SCALANCE X200-4P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X201-3P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X201-3P IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X202-2P IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2FM Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2LD TS Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204-2TS Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X204IRT PRO Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE X206-1 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X206-1LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X208 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X208PRO Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X212-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X212-2LD Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X216 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE X224 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF201-3P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF202-2P IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF204 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF204-2 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF204-2BA IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF204IRT Affected: All versions < V5.5.2
Create a notification for this product.
    Siemens SCALANCE XF206-1 Affected: All versions < V5.2.6
Create a notification for this product.
    Siemens SCALANCE XF208 Affected: All versions < V5.2.6
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:43.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26647",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T15:23:11.211353Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T13:52:17.065Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X200-4P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2FM",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2LD TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204-2TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X206-1LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X208PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X212-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X216",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X224",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204-2 (All versions \u003c V5.2.6), SCALANCE X204-2FM (All versions \u003c V5.2.6), SCALANCE X204-2LD (All versions \u003c V5.2.6), SCALANCE X204-2LD TS (All versions \u003c V5.2.6), SCALANCE X204-2TS (All versions \u003c V5.2.6), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE X206-1 (All versions \u003c V5.2.6), SCALANCE X206-1LD (All versions \u003c V5.2.6), SCALANCE X208 (All versions \u003c V5.2.6), SCALANCE X208PRO (All versions \u003c V5.2.6), SCALANCE X212-2 (All versions \u003c V5.2.6), SCALANCE X212-2LD (All versions \u003c V5.2.6), SCALANCE X216 (All versions \u003c V5.2.6), SCALANCE X224 (All versions \u003c V5.2.6), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204 (All versions \u003c V5.2.6), SCALANCE XF204-2 (All versions \u003c V5.2.6), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SCALANCE XF206-1 (All versions \u003c V5.2.6), SCALANCE XF208 (All versions \u003c V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-330",
              "description": "CWE-330: Use of Insufficiently Random Values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T09:02:19.204Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-26647",
    "datePublished": "2022-07-12T10:06:32.000Z",
    "dateReserved": "2022-03-07T00:00:00.000Z",
    "dateUpdated": "2025-04-21T13:52:17.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29998 (GCVE-0-2021-29998)

Vulnerability from cvelistv5 – Published: 2021-04-13 16:16 – Updated: 2024-08-03 22:24
VLAI?
Summary
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support2.windriver.com/index.php?page=security-notices"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-12T10:06:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support2.windriver.com/index.php?page=security-notices"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-29998",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support2.windriver.com/index.php?page=security-notices",
              "refsource": "MISC",
              "url": "https://support2.windriver.com/index.php?page=security-notices"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-29998",
    "datePublished": "2021-04-13T16:16:51",
    "dateReserved": "2021-04-02T00:00:00",
    "dateUpdated": "2024-08-03T22:24:59.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}