CVE-2022-26648 - Vulnerability Details

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Siemens	Scalance X200-4p Irt Scalance X200-4p Irt Firmware Scalance X201-3p Irt Scalance X201-3p Irt Firmware Scalance X201-3p Irt Pro Scalance X201-3p Irt Pro Firmware Scalance X202-2irt Scalance X202-2irt Firmware Scalance X202-2p Irt Scalance X202-2p Irt Firmware Scalance X202-2p Irt Pro Scalance X202-2p Irt Pro Firmware Scalance X204-2 Scalance X204-2 Firmware Scalance X204-2fm Scalance X204-2fm Firmware Scalance X204-2ld Scalance X204-2ld Firmware Scalance X204-2ld Ts Scalance X204-2ld Ts Firmware Scalance X204-2ts Scalance X204-2ts Firmware Scalance X204irt Scalance X204irt Firmware Scalance X204irt Pro Scalance X204irt Pro Firmware Scalance X206-1 Scalance X206-1 Firmware Scalance X206-1ld Scalance X206-1ld Firmware Scalance X208 Scalance X208 Firmware Scalance X208 Pro Scalance X208 Pro Firmware Scalance X212-2 Scalance X212-2 Firmware Scalance X212-2ld Scalance X212-2ld Firmware Scalance X216 Scalance X216 Firmware Scalance X224 Scalance X224 Firmware Scalance Xf201-3p Irt Scalance Xf201-3p Irt Firmware Scalance Xf202-2p Irt Scalance Xf202-2p Irt Firmware Scalance Xf204 Scalance Xf204-2 Scalance Xf204-2 Firmware Scalance Xf204-2ba Irt Scalance Xf204-2ba Irt Firmware Scalance Xf204 Firmware Scalance Xf204irt Scalance Xf204irt Firmware Scalance Xf206-1 Scalance Xf206-1 Firmware Scalance Xf208 Scalance Xf208 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:siemens:scalance_x208_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x208_pro:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf

History

Mon, 21 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-07-12T10:06:34.000Z

Updated: 2025-04-21T13:52:07.405Z

Reserved: 2022-03-07T00:00:00.000Z

Link: CVE-2022-26648

Vulnrichment

Updated: 2024-08-03T05:11:43.481Z

NVD

Status : Modified

Published: 2022-07-12T10:15:10.313

Modified: 2024-11-21T06:54:15.187

Link: CVE-2022-26648

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object