Vulnerabilities > CVE-2022-25753 - Out-of-bounds Write vulnerability in Siemens products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

siemens

CWE-787

NVD

Published: 2022-04-12

Updated: 2022-04-19

Summary

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Scalance X302 7Eec Firmware - Siemens Scalance X304 2FE Firmware - Siemens Scalance X306 1Ldfe Firmware - Siemens Scalance X307 2Eec Firmware - Siemens Scalance X307 3 Firmware - Siemens Scalance X307 3LD Firmware - Siemens Scalance X308 2 Firmware - Siemens Scalance X308 2LD Firmware - Siemens Scalance X308 2LH Firmware - Siemens Scalance X308 2Lh+ Firmware - Siemens Scalance X308 2M Firmware - Siemens Scalance X308 2M POE Firmware - Siemens Scalance X308 2M TS Firmware - Siemens Scalance X310 Firmware - Siemens Scalance X310Fe Firmware - Siemens Scalance X320 1FE Firmware - Siemens Scalance X320 1 2Ldfe Firmware * Siemens Scalance X408 2 Firmware - Siemens Scalance X408 2 Firmware 4.1.3 Siemens Scalance Xr324 4M EEC Firmware - Siemens Scalance Xr324 4M EEC Firmware 4.1.0 Siemens Scalance Xr324 4M POE Firmware - Siemens Scalance Xr324 4M POE Firmware 4.1.0 Siemens Scalance Xr324 4M POE TS Firmware - Siemens Scalance Xr324 4M POE TS Firmware 4.1.0 Siemens Scalance Xr324 12M Firmware - Siemens Scalance Xr324 12M Firmware 4.1.0 Siemens Scalance Xr324 12M TS Firmware - Siemens Scalance Xr324 12M TS Firmware 4.1.0 Siemens Siplus NET Scalance X308 2 Firmware *	30
Hardware	Siemens Siemens Scalance X302 7Eec - Siemens Scalance X304 2FE - Siemens Scalance X306 1Ldfe - Siemens Scalance X307 2Eec - Siemens Scalance X307 3 - Siemens Scalance X307 3LD - Siemens Scalance X308 2 - Siemens Scalance X308 2LD - Siemens Scalance X308 2LH - Siemens Scalance X308 2Lh+ - Siemens Scalance X308 2M - Siemens Scalance X308 2M POE - Siemens Scalance X308 2M TS - Siemens Scalance X310 - Siemens Scalance X310Fe - Siemens Scalance X320 1FE - Siemens Scalance X320 1 2Ldfe - Siemens Scalance X408 2 - Siemens Scalance Xr324 4M EEC - Siemens Scalance Xr324 4M POE - Siemens Scalance Xr324 4M POE TS - Siemens Scalance Xr324 12M - Siemens Scalance Xr324 12M TS - Siemens Siplus NET Scalance X308 2 -	24

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf