CVE-2022-36323 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.1 CRITICAL	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
siemens	CNA	9.1 CRITICAL				CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 57%

Vendor	Product	Version
siemens	scalance_m-800_firmware	*
siemens	scalance_s615_firmware	*
siemens	scalance_sc-600_firmware	𝑥 < 2.3.1
siemens	scalance_sc622-2c_firmware	𝑥 < 2.3.1
siemens	scalance_sc632-2c_firmware	𝑥 < 2.3.1
siemens	scalance_sc636-2c_firmware	𝑥 < 2.3.1
siemens	scalance_sc642-2c_firmware	𝑥 < 2.3.1
siemens	scalance_sc646-2c_firmware	𝑥 < 2.3.1
siemens	scalance_w700_ieee_802.11ax_firmware	*
siemens	scalance_w700_ieee_802.11n_firmware	*
siemens	scalance_w700_ieee_802.11ac_firmware	*
siemens	scalance_xb-200_firmware	*
siemens	scalance_xb205-3_firmware	*
siemens	scalance_xb205-3ld_firmware	*
siemens	scalance_xb208_firmware	*
siemens	scalance_xb213-3_firmware	*
siemens	scalance_xb213-3ld_firmware	*
siemens	scalance_xb216_firmware	*
siemens	scalance_xc-200_firmware	*
siemens	scalance_xc206-2_firmware	*
siemens	scalance_xc206-2g_poe__firmware	*
siemens	scalance_xc206-2g_poe_eec_firmware	*
siemens	scalance_xc206-2sfp_eec_firmware	*
siemens	scalance_xc206-2sfp_g_firmware	*
siemens	scalance_xc206-2sfp_g_\(e\/ip\)_firmware	*
siemens	scalance_xc206-2sfp_g_eec_firmware	*
siemens	scalance_xc208_firmware	*
siemens	scalance_xc208eec_firmware	*
siemens	scalance_xc208g_firmware	*
siemens	scalance_xc208g_\(e\/ip\)_firmware	*
siemens	scalance_xc208g_eec_firmware	*
siemens	scalance_xc208g_poe_firmware	*
siemens	scalance_xc216_firmware	*
siemens	scalance_xc216-4c_firmware	*
siemens	scalance_xc216-4c_g_firmware	*
siemens	scalance_xc216-4c_g_\(e\/ip\)_firmware	*
siemens	scalance_xc216-4c_g_eec_firmware	*
siemens	scalance_xc216eec_firmware	*
siemens	scalance_xc224__firmware	*
siemens	scalance_xc224-4c_g__firmware	*
siemens	scalance_xc224-4c_g_\(e\/ip\)_firmware	*
siemens	scalance_xc224-4c_g_eec_firmware	*
siemens	scalance_xf-200ba_firmware	*
siemens	scalance_xf204-2ba_dna_firmware	*
siemens	scalance_xf204-2ba_irt_firmware	*
siemens	scalance_xm400_firmware	*
siemens	scalance_xm408-4c_firmware	*
siemens	scalance_xm408-4c_l3_firmware	*
siemens	scalance_xm408-8c_firmware	*
siemens	scalance_xm408-8c_l3_firmware	*
siemens	scalance_xm416-4c_firmware	*
siemens	scalance_xm416-4c_l3_firmware	*
siemens	scalance_xp-200_firmware	*
siemens	scalance_xp208_firmware	*
siemens	scalance_xp208_\(eip\)_firmware	*
siemens	scalance_xp208eec_firmware	*
siemens	scalance_xp208poe_eec_firmware	*
siemens	scalance_xp216_firmware	*
siemens	scalance_xp216_\(eip\)_firmware	*
siemens	scalance_xp216eec_firmware	*
siemens	scalance_xp216poe_eec_firmware	*
siemens	scalance_xr-300_firmware	*
siemens	scalance_xr-300eec_firmware	*
siemens	scalance_xr-300poe_firmware	*
siemens	scalance_xr-300wg_firmware	*
siemens	scalance_xr324-12m_firmware	*
siemens	scalance_xr324-12m_ts_firmware	*
siemens	scalance_xr324-4m_eec_firmware	*
siemens	scalance_xr324-4m_poe_firmware	*
siemens	scalance_xr324-4m_poe_ts_firmware	*
siemens	scalance_xr324wg_firmware	*
siemens	scalance_xr326-2c_poe_wg_firmware	*
siemens	scalance_xr328-4c_wg_firmware	*
siemens	scalance_xr500_firmware	*
siemens	scalance_xr524_firmware	*
siemens	scalance_xr524-8c_firmware	*
siemens	scalance_xr524-8c_l3_firmware	*
siemens	scalance_xr526_firmware	*
siemens	scalance_xr526-8c_firmware	*
siemens	scalance_xr526-8c_l3_firmware	*
siemens	scalance_xr528_firmware	*
siemens	scalance_xr528-6m_firmware	*
siemens	scalance_xr528-6m_2hr2_firmware	*
siemens	scalance_xr528-6m_2hr2_l3_firmware	*
siemens	scalance_xr528-6m_l3_firmware	*
siemens	scalance_xr552_firmware	*
siemens	scalance_xr552-12_firmware	*
siemens	scalance_xr552-12m_firmware	*
siemens	scalance_xr552-12m_2hr2_firmware	*
siemens	scalance_xr552-12m_2hr2_l3_firmware	*

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf