Remote Access Vulnerability in Siemens SCALANCE Products
CVE-2022-25754
8.8HIGH
Key Information:
- Vendor
Siemens
- Status
- Vendor
- CVE Published:
- 12 April 2022
What is CVE-2022-25754?
A vulnerability exists in various models of Siemens SCALANCE devices, where the integrated web server could be exploited by remote attackers. The attackers could perform actions with the privileges of a victim user if the user is logged in and unknowingly triggers a malicious request, potentially leading to unauthorized control over device settings.
Affected Version(s)
SCALANCE X302-7 EEC (230V, coated) All versions < V4.1.4
SCALANCE X302-7 EEC (230V) All versions < V4.1.4
SCALANCE X302-7 EEC (24V, coated) All versions < V4.1.4