PT-2022-17980 · Siemens · Scalance X201-3P Irt+20
Published: 2022-07-12 · Updated: 2023-04-11
CVE-2022-26648
CVSS v3.1: 8.2 (High)
Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions
SCALANCE X200-4P IRT versions prior to V5.5.2
SCALANCE X201-3P IRT versions prior to V5.5.2
SCALANCE X201-3P IRT PRO versions prior to V5.5.2
SCALANCE X202-2IRT versions prior to V5.5.2
SCALANCE X202-2P IRT versions prior to V5.5.2
SCALANCE X202-2P IRT PRO versions prior to V5.5.2
SCALANCE X204-2 versions prior to V5.2.6
SCALANCE X204-2FM versions prior to V5.2.6
SCALANCE X204-2LD versions prior to V5.2.6
SCALANCE X204-2LD TS versions prior to V5.2.6
SCALANCE X204-2TS versions prior to V5.2.6
SCALANCE X204IRT versions prior to V5.5.2
SCALANCE X204IRT PRO versions prior to V5.5.2
SCALANCE X206-1 versions prior to V5.2.6
SCALANCE X206-1LD versions prior to V5.2.6
SCALANCE X208 versions prior to V5.2.6
SCALANCE X208PRO versions prior to V5.2.6
SCALANCE X212-2 versions prior to V5.2.6
SCALANCE X212-2LD versions prior to V5.2.6
SCALANCE X216 versions prior to V5.2.6
SCALANCE X224 versions prior to V5.2.6
SCALANCE XF201-3P IRT versions prior to V5.5.2
SCALANCE XF202-2P IRT versions prior to V5.5.2
SCALANCE XF204 versions prior to V5.2.6
SCALANCE XF204-2 versions prior to V5.2.6
SCALANCE XF204-2BA IRT versions prior to V5.5.2
SCALANCE XF204IRT versions prior to V5.5.2
SCALANCE XF206-1 versions prior to V5.2.6
SCALANCE XF208 versions prior to V5.2.6
Description
A vulnerability has been identified in the affected devices: they do not properly validate the XNo parameter of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash the affected devices.
Recommendations
For SCALANCE X200-4P IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X201-3P IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X201-3P IRT PRO versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X202-2IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X202-2P IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X202-2P IRT PRO versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X204-2 versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE X204-2FM versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE X204-2LD versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE X204-2LD TS versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE X204-2TS versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE X204IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X204IRT PRO versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X206-1 versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE X206-1LD versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE X208 versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE X208PRO versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE X212-2 versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE X212-2LD versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE X216 versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE X224 versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE XF201-3P IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE XF202-2P IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE XF204 versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE XF204-2 versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE XF204-2BA IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE XF204IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE XF206-1 versions prior to V5.2.6, update to version V5.2.6 or later.
For SCALANCE XF208 versions prior to V5.2.6, update to version V5.2.6 or later.
As a temporary workaround, consider restricting access to the affected devices until a patch is available. Avoid using the XNo parameter in incoming HTTP requests to minimize the risk of exploitation.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Scalance X200-4P Irt
Scalance X201-3P Irt
Scalance X201-3P Irt Pro
Scalance X202-2P Irt
Scalance Xf204-2
Scalance X204-2Fm
Scalance X204-2Ld
Scalance X204-2Ld Ts
Scalance X204-2Ts
Scalance X204Irt
Scalance X204Irt Pro
Scalance X206-1Ld
Scalance X208
Scalance X208Pro
Scalance X212-2Ld
Scalance X216
Scalance X224
Scalance Xf204
Scalance Xf204-2Ba Irt
Scalance Xf206-1
Scalance Xf208