CVE-2022-26380

Name of the Vulnerable Software and Affected Versions SCALANCE X302-7 versions SCALANCE X304-2FE version SCALANCE X306-1LD FE version SCALANCE X307-2 version SCALANCE X307-3 version SCALANCE X307-3LD version SCALANCE X308-2 version SCALANCE X310 version SCALANCE X320-1 version SCALANCE X408-2 version SCALANCE XR324-4M version SCALANCE XR324-12M version SIPLUS NET SCALANCE X308-2 version

Description The issue is related to the improper validation of a certain SNMP key, which could allow an attacker to trigger a reboot of an affected device by requesting specific SNMP information. This is due to a buffer overflow vulnerability in the device's firmware, allowing an attacker to cause a denial of service.

Recommendations As a temporary workaround, consider disabling the SNMP service on the affected devices until a patch is available. Restrict access to the affected devices to minimize the risk of exploitation. Avoid using the vulnerable SNMP key in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.