PT-2022-3540 · Siemens · Scalance X310+14

Published

2022-04-12

·

Updated

2023-07-10

·

CVE-2022-25755

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions SCALANCE X302-7 EEC (230V) SCALANCE X302-7 EEC (230V, coated) SCALANCE X302-7 EEC (24V) SCALANCE X302-7 EEC (24V, coated) SCALANCE X302-7 EEC (2x 230V) SCALANCE X302-7 EEC (2x 230V, coated) SCALANCE X302-7 EEC (2x 24V) SCALANCE X302-7 EEC (2x 24V, coated) SCALANCE X304-2FE SCALANCE X306-1LD FE SCALANCE X307-2 EEC (230V) SCALANCE X307-2 EEC (230V, coated) SCALANCE X307-2 EEC (24V) SCALANCE X307-2 EEC (24V, coated) SCALANCE X307-2 EEC (2x 230V) SCALANCE X307-2 EEC (2x 230V, coated) SCALANCE X307-2 EEC (2x 24V) SCALANCE X307-2 EEC (2x 24V, coated) SCALANCE X307-3 SCALANCE X307-3LD SCALANCE X308-2 SCALANCE X308-2LD SCALANCE X308-2LH SCALANCE X308-2LH+ SCALANCE X308-2M SCALANCE X308-2M PoE SCALANCE X308-2M TS SCALANCE X310 SCALANCE X310FE SCALANCE X320-1 FE SCALANCE X408-2 SCALANCE XR324-12M (230V, ports on front) SCALANCE XR324-12M (230V, ports on rear) SCALANCE XR324-12M (24V, ports on front) SCALANCE XR324-12M (24V, ports on rear) SCALANCE XR324-12M TS (24V) SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) SCALANCE XR324-4M EEC (24V, ports on front) SCALANCE XR324-4M EEC (24V, ports on rear) SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) SCALANCE XR324-4M EEC (2x 24V, ports on front) SCALANCE XR324-4M EEC (2x 24V, ports on rear) SCALANCE XR324-4M PoE (230V, ports on front) SCALANCE XR324-4M PoE (230V, ports on rear) SCALANCE XR324-4M PoE (24V, ports on front) SCALANCE XR324-4M PoE (24V, ports on rear) SCALANCE XR324-4M PoE TS (24V, ports on front) SIPLUS NET SCALANCE X308-2
Description The webserver of an affected device is missing specific security headers, which could allow a remote attacker to extract confidential session information under certain circumstances. The issue is related to the disclosure of information in the error data area, potentially allowing an attacker to reveal protected information.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-668

Related Identifiers

BDU:2022-04323
CVE-2022-25755

Affected Products

Scalance X302-7 Eec
Scalance X304-2Fe
Scalance X306-1Ld Fe
Scalance X307-2 Eec
Scalance X307-3Ld
Scalance X308-2
Scalance X308-2M
Scalance X308-2M Poe
Scalance X310
Scalance X320-1 Fe
Scalance X408-2
Scalance Xr324-12M
Scalance Xr324-4M Eec
Scalance Xr324-4M Poe
Siplus Net Scalance X308-2