Remote Code Execution Vulnerability in SCALANCE X Series by Siemens
CVE-2022-25751

7.5HIGH

Key Information:

Vendor
Siemens
Status
Scalance X302-7 Eec (230v)
Scalance X302-7 Eec (230v, Coated)
Scalance X302-7 Eec (24v)
Scalance X302-7 Eec (24v, Coated)
Vendor
CVE Published:
12 April 2022

Summary

A vulnerability exists in several SCALANCE X series devices that fail to adequately validate HTTP headers in incoming requests. This flaw could potentially enable unauthenticated remote attackers to trigger device crashes, resulting in service interruption and potential compromise of device availability.

Affected Version(s)

SCALANCE X302-7 EEC (230V, coated) All versions < V4.1.4

SCALANCE X302-7 EEC (230V) All versions < V4.1.4

SCALANCE X302-7 EEC (24V, coated) All versions < V4.1.4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-83652...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.