Siemens SCALANCE devices code execution | CVE-2022-36323
NAME
Siemens SCALANCE devices code execution
- Platforms Affected:
Siemens SCALANCE M-800
Siemens SCALANCE XB-200
Siemens SCALANCE XP-200
Siemens SCALANCE XR-300WG
Siemens SCALANCE X-200
Siemens SCALANCE X-200IRT
Siemens SCALANCE X-300
Siemens SCALANCE SC-600
Siemens SCALANCE W-700
Siemens SCALANCE W-700 IEEE 802.11n
Siemens SCALANCE XM-400
- Risk Level:
9.1
- Exploitability:
Unproven
- Consequences:
Gain Access
DESCRIPTION
Siemens SCALANCE devices could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to inject code or spawn a system root shell.
CVSS 3.0 Information
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Siemens Security Advisory SSA-710008 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf
- Reference Link:
https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-07