Remote Code Execution Vulnerability in SCALANCE X Series by Siemens
CVE-2022-25751

7.5HIGH

Key Information:

Vendor: Siemens
Status: Scalance X302-7 Eec (230v); Scalance X302-7 Eec (230v, Coated); Scalance X302-7 Eec (24v); Scalance X302-7 Eec (24v, Coated)
Vendor: CVE Published:; 12 April 2022

What is CVE-2022-25751?

A vulnerability exists in several SCALANCE X series devices that fail to adequately validate HTTP headers in incoming requests. This flaw could potentially enable unauthenticated remote attackers to trigger device crashes, resulting in service interruption and potential compromise of device availability.

Affected Version(s)

SCALANCE X302-7 EEC (230V, coated) All versions < V4.1.4

SCALANCE X302-7 EEC (230V) All versions < V4.1.4

SCALANCE X302-7 EEC (24V, coated) All versions < V4.1.4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-83652...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2022
Vulnerability Reserved
Feb 22, 2022