CVE-2022-25754 Information
Description
A vulnerability has been identified in the following products: SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V coated), SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V ports on front), SCALANCE XR324-12M (230V ports on rear), SCALANCE XR324-12M (24V ports on front), SCALANCE XR324-12M (24V ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on rear), SCALANCE XR324-4M EEC (24V ports on front), SCALANCE XR324-4M EEC (24V ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on rear), SCALANCE XR324-4M EEC (2x 24V ports on front), SCALANCE XR324-4M EEC (2x 24V ports on rear), SCALANCE XR324-4M PoE (230V ports on front), SCALANCE XR324-4M PoE (230V ports on rear), SCALANCE XR324-4M PoE (24V ports on front), SCALANCE XR324-4M PoE (24V ports on rear), SCALANCE XR324-4M PoE TS (24V ports on front), SIPLUS NET SCALANCE X308-2.
The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.8
Base Severity
HIGH