PT-2022-3570 · Siemens · Scalance X307-2+11

Published

2022-04-12

Updated

2022-04-19

CVE-2022-25751

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions SCALANCE X302-7 versions SCALANCE X304-2FE version SCALANCE X306-1LD FE version SCALANCE X307-2 version SCALANCE X307-3 version SCALANCE X307-3LD version SCALANCE X308-2 version SCALANCE X310 version SCALANCE X320-1 version SCALANCE X408-2 version SCALANCE XR324-4M version SCALANCE XR324-12M version SIPLUS NET SCALANCE X308-2 version

Description The affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-04354

CVE-2022-25751

Affected Products

Scalance X302-7

Scalance X304-2Fe

Scalance X306-1Ld Fe

Scalance X307-2

Scalance X307-3Ld

Scalance X308-2

Scalance X310

Scalance X320-1 Fe

Scalance X408-2

Scalance Xr324-12M

Scalance Xr324-4M

Siplus Net Scalance X308-2

PT-2022-3570 · Siemens · Scalance X307-2+11

CVE-2022-25751

Weakness Enumeration

Related Identifiers

Affected Products

References · 5