Remote Code Execution Vulnerability in Siemens SCALANCE Devices
CVE-2022-26648

8.2HIGH

Key Information:

Vendor

Siemens
Status
Scalance X200-4p Irt
Scalance X201-3p Irt
Scalance X201-3p Irt Pro
Scalance X202-2irt
Vendor
CVE Published:
12 July 2022

What is CVE-2022-26648?

A vulnerability exists in various Siemens SCALANCE devices where affected versions fail to validate the GET parameter 'XNo' from incoming HTTP requests. This oversight can permit an unauthenticated remote attacker to exploit the device's functionality, potentially resulting in a device crash and service interruption. Organizations using these devices should urgently apply the necessary updates to lessen risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SCALANCE X200-4P IRT All versions < V5.5.2

SCALANCE X201-3P IRT All versions < V5.5.2

SCALANCE X201-3P IRT PRO All versions < V5.5.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-31003...

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.