CVE-2022-36324

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
siemensCNA
7.5 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
siemensscalance_m-800_firmware
*
siemensscalance_s615_firmware
*
siemensscalance_w700_ieee_802.11ax_firmware
*
siemensscalance_w700_ieee_802.11n_firmware
*
siemensscalance_w700_ieee_802.11ac_firmware
*
siemensscalance_xb-200_firmware
*
siemensscalance_xb205-3_firmware
*
siemensscalance_xb205-3ld_firmware
*
siemensscalance_xb208_firmware
*
siemensscalance_xb213-3_firmware
*
siemensscalance_xb213-3ld_firmware
*
siemensscalance_xb216_firmware
*
siemensscalance_xc-200_firmware
*
siemensscalance_xc206-2_firmware
*
siemensscalance_xc206-2g_poe__firmware
*
siemensscalance_xc206-2g_poe_eec_firmware
*
siemensscalance_xc206-2sfp_eec_firmware
*
siemensscalance_xc206-2sfp_g_firmware
*
siemensscalance_xc206-2sfp_g_\(e\/ip\)_firmware
*
siemensscalance_xc206-2sfp_g_eec_firmware
*
siemensscalance_xc208_firmware
*
siemensscalance_xc208eec_firmware
*
siemensscalance_xc208g_firmware
*
siemensscalance_xc208g_\(e\/ip\)_firmware
*
siemensscalance_xc208g_eec_firmware
*
siemensscalance_xc208g_poe_firmware
*
siemensscalance_xc216_firmware
*
siemensscalance_xc216-4c_firmware
*
siemensscalance_xc216-4c_g_firmware
*
siemensscalance_xc216-4c_g_\(e\/ip\)_firmware
*
siemensscalance_xc216-4c_g_eec_firmware
*
siemensscalance_xc216eec_firmware
*
siemensscalance_xc224__firmware
*
siemensscalance_xc224-4c_g__firmware
*
siemensscalance_xc224-4c_g_\(e\/ip\)_firmware
*
siemensscalance_xc224-4c_g_eec_firmware
*
siemensscalance_xf-200ba_firmware
*
siemensscalance_xf204-2ba_dna_firmware
*
siemensscalance_xf204-2ba_irt_firmware
*
siemensscalance_xm400_firmware
*
siemensscalance_xm408-4c_firmware
*
siemensscalance_xm408-4c_l3_firmware
*
siemensscalance_xm408-8c_firmware
*
siemensscalance_xm408-8c_l3_firmware
*
siemensscalance_xm416-4c_firmware
*
siemensscalance_xm416-4c_l3_firmware
*
siemensscalance_xp-200_firmware
*
siemensscalance_xp208_firmware
*
siemensscalance_xp208_\(eip\)_firmware
*
siemensscalance_xp208eec_firmware
*
siemensscalance_xp208poe_eec_firmware
*
siemensscalance_xp216_firmware
*
siemensscalance_xp216_\(eip\)_firmware
*
siemensscalance_xp216eec_firmware
*
siemensscalance_xp216poe_eec_firmware
*
siemensscalance_xr-300_firmware
*
siemensscalance_xr-300eec_firmware
*
siemensscalance_xr-300poe_firmware
*
siemensscalance_xr-300wg_firmware
*
siemensscalance_xr324-12m_firmware
*
siemensscalance_xr324-12m_ts_firmware
*
siemensscalance_xr324-4m_eec_firmware
*
siemensscalance_xr324-4m_poe_firmware
*
siemensscalance_xr324-4m_poe_ts_firmware
*
siemensscalance_xr324wg_firmware
*
siemensscalance_xr326-2c_poe_wg_firmware
*
siemensscalance_xr328-4c_wg_firmware
*
siemensscalance_xr500_firmware
*
siemensscalance_xr524_firmware
*
siemensscalance_xr524-8c_firmware
*
siemensscalance_xr524-8c_l3_firmware
*
siemensscalance_xr526_firmware
*
siemensscalance_xr526-8c_firmware
*
siemensscalance_xr526-8c_l3_firmware
*
siemensscalance_xr528_firmware
*
siemensscalance_xr528-6m_firmware
*
siemensscalance_xr528-6m_2hr2_firmware
*
siemensscalance_xr528-6m_2hr2_l3_firmware
*
siemensscalance_xr528-6m_l3_firmware
*
siemensscalance_xr552_firmware
*
siemensscalance_xr552-12_firmware
*
siemensscalance_xr552-12m_firmware
*
siemensscalance_xr552-12m_2hr2_firmware
*
siemensscalance_xr552-12m_2hr2_l3_firmware
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf