CRITICAL🇬🇧 English

CVE-2022-25752

CVSS 9.8v3.1pub. 2022-04-12upd. 2024-11-21

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Siemens Scalance X302 7eec

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X302 7eec Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X304 2fe

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X304 2fe Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X306 1ldfe

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X306 1ldfe Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X307 2eec

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X307 2eec Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X307 3

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X307 3 Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X307 3ld

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X307 3ld Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X308 2

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X308 2 Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X308 2ld

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X308 2ld Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X308 2lh

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X308 2lh\+

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X308 2lh Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X308 2lh\+ Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X308 2m

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X308 2m Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X308 2m Poe

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X308 2m Poe Firmware

    OS
    Siemens
    wszystkie wersje
  • Siemens Scalance X308 2m Ts

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X308 2m Ts Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X310

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X310fe

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X310fe Firmware

    OS
    Siemens
    < 4.1.4
  • Siemens Scalance X310 Firmware

    OS
    Siemens
    < 4.1.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-25226CRITICAL9.8ten sam produkt

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions ...

CVE-2020-15800CRITICAL9.8ten sam produkt

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions ...

CVE-2022-25753HIGH8.8ten sam produkt

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANC...

CVE-2022-25751HIGH7.5ten sam produkt

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANC...

CVE-2022-25754HIGH8.8ten sam produkt

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANC...

CVE-2022-25752 — CRITICAL 9.8 | CVEbaza.pl