CVE-2022-25755 Information
Description
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V coated), SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V ports on front), SCALANCE XR324-12M (230V ports on rear), SCALANCE XR324-12M (24V ports on front), SCALANCE XR324-12M (24V ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on rear), SCALANCE XR324-4M EEC (24V ports on front), SCALANCE XR324-4M EEC (24V ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on rear), SCALANCE XR324-4M EEC (2x 24V ports on front), SCALANCE XR324-4M EEC (2x 24V ports on rear), SCALANCE XR324-4M PoE (230V ports on front), SCALANCE XR324-4M PoE (230V ports on rear), SCALANCE XR324-4M PoE (24V ports on front), SCALANCE XR324-4M PoE (24V ports on rear), SCALANCE XR324-4M PoE TS (24V ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow a remote attacker to extract confidential session information under certain circumstances.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
7.5
Base Severity
HIGH