CVE-2022-25754

12.04.2022, 09:15

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.

CSRF

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
siemens	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 46%

Vendor	Product	Version
siemens	scalance_x302-7eec_firmware	𝑥 < 4.1.4
siemens	scalance_x304-2fe_firmware	𝑥 < 4.1.4
siemens	scalance_x306-1ldfe_firmware	𝑥 < 4.1.4
siemens	scalance_x307-2eec_firmware	𝑥 < 4.1.4
siemens	scalance_x307-3_firmware	𝑥 < 4.1.4
siemens	scalance_x307-3ld_firmware	𝑥 < 4.1.4
siemens	scalance_x308-2_firmware	𝑥 < 4.1.4
siemens	scalance_x308-2ld_firmware	𝑥 < 4.1.4
siemens	scalance_x308-2lh_firmware	𝑥 < 4.1.4
siemens	scalance_x308-2lh\+_firmware	𝑥 < 4.1.4
siemens	scalance_x308-2m_firmware	𝑥 < 4.1.4
siemens	scalance_x308-2m_poe_firmware	-
siemens	scalance_x308-2m_ts_firmware	𝑥 < 4.1.4
siemens	scalance_x310_firmware	𝑥 < 4.1.4
siemens	scalance_x310fe_firmware	𝑥 < 4.1.4
siemens	scalance_x320-1fe_firmware	𝑥 < 4.1.4
siemens	scalance_x320-1-2ldfe_firmware	𝑥 < 4.1.4
siemens	scalance_x408-2_firmware	𝑥 < 4.1.4
siemens	scalance_xr324-4m_eec_firmware	𝑥 < 4.1.4
siemens	scalance_xr324-4m_poe_firmware	𝑥 < 4.1.4
siemens	scalance_xr324-4m_poe_ts_firmware	𝑥 < 4.1.4
siemens	scalance_xr324-12m_firmware	𝑥 < 4.1.4
siemens	scalance_xr324-12m_ts_firmware	𝑥 < 4.1.4
siemens	siplus_net_scalance_x308-2_firmware	𝑥 < 4.1.4

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-352 - Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf