CVE-2022-26380

12.04.2022, 09:15

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
siemens	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 67%

Vendor	Product	Version
siemens	scalance_x302-7eec_firmware	𝑥 < 4.1.4
siemens	scalance_x304-2fe_firmware	𝑥 < 4.1.4
siemens	scalance_x306-1ldfe_firmware	𝑥 < 4.1.4
siemens	scalance_x307-2eec_firmware	𝑥 < 4.1.4
siemens	scalance_x307-3_firmware	𝑥 < 4.1.4
siemens	scalance_x307-3ld_firmware	𝑥 < 4.1.4
siemens	scalance_x308-2_firmware	𝑥 < 4.1.4
siemens	scalance_x308-2ld_firmware	𝑥 < 4.1.4
siemens	scalance_x308-2lh_firmware	𝑥 < 4.1.4
siemens	scalance_x308-2lh\+_firmware	𝑥 < 4.1.4
siemens	scalance_x308-2m_firmware	𝑥 < 4.1.4
siemens	scalance_x308-2m_poe_firmware	-
siemens	scalance_x308-2m_ts_firmware	𝑥 < 4.1.4
siemens	scalance_x310_firmware	𝑥 < 4.1.4
siemens	scalance_x310fe_firmware	𝑥 < 4.1.4
siemens	scalance_x320-1fe_firmware	𝑥 < 4.1.4
siemens	scalance_x320-1-2ldfe_firmware	𝑥 < 4.1.4
siemens	scalance_x408-2_firmware	𝑥 < 4.1.4
siemens	scalance_xr324-4m_eec_firmware	𝑥 < 4.1.4
siemens	scalance_xr324-4m_poe_firmware	𝑥 < 4.1.4
siemens	scalance_xr324-4m_poe_ts_firmware	𝑥 < 4.1.4
siemens	scalance_xr324-12m_firmware	𝑥 < 4.1.4
siemens	scalance_xr324-12m_ts_firmware	𝑥 < 4.1.4
siemens	siplus_net_scalance_x308-2_firmware	𝑥 < 4.1.4

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf