CVE-2022-26648

Description

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

High

Physical

Changed

Affected products

Siemens / SCALANCE X200-4P IRTAll versions < V5.5.2 – All versions < V5.5.2
Siemens / SCALANCE X201-3P IRTAll versions < V5.5.2 – All versions < V5.5.2
Siemens / SCALANCE X201-3P IRT PROAll versions < V5.5.2 – All versions < V5.5.2
Siemens / SCALANCE X202-2IRTAll versions < V5.5.2 – All versions < V5.5.2
Siemens / SCALANCE X202-2P IRTAll versions < V5.5.2 – All versions < V5.5.2
Siemens / SCALANCE X202-2P IRT PROAll versions < V5.5.2 – All versions < V5.5.2
Siemens / SCALANCE X204-2All versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE X204-2FMAll versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE X204-2LDAll versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE X204-2LD TSAll versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE X204-2TSAll versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE X204IRTAll versions < V5.5.2 – All versions < V5.5.2
Siemens / SCALANCE X204IRT PROAll versions < V5.5.2 – All versions < V5.5.2
Siemens / SCALANCE X206-1All versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE X206-1LDAll versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE X208All versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE X208PROAll versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE X212-2All versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE X212-2LDAll versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE X216All versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE X224All versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE XF201-3P IRTAll versions < V5.5.2 – All versions < V5.5.2
Siemens / SCALANCE XF202-2P IRTAll versions < V5.5.2 – All versions < V5.5.2
Siemens / SCALANCE XF204All versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE XF204-2All versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE XF204-2BA IRTAll versions < V5.5.2 – All versions < V5.5.2
Siemens / SCALANCE XF204IRTAll versions < V5.5.2 – All versions < V5.5.2
Siemens / SCALANCE XF206-1All versions < V5.2.6 – All versions < V5.2.6
Siemens / SCALANCE XF208All versions < V5.2.6 – All versions < V5.2.6

References

MISChttps://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf