CVE-2022-25751

Description

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices.

Category

CVSS score: 7.5
Severity: High
EPSS: 3.26% (top 15%)
Vendor Advisory siemens.com
Affected: Siemens SCALANCE X302-7 EEC (230V)
Affected: Siemens SCALANCE X302-7 EEC (230V, coated)
Affected: Siemens SCALANCE X302-7 EEC (24V)
Affected: Siemens SCALANCE X302-7 EEC (24V, coated)
Affected: Siemens SCALANCE X302-7 EEC (2x 230V)
Affected: Siemens SCALANCE X302-7 EEC (2x 230V, coated)
Affected: Siemens SCALANCE X302-7 EEC (2x 24V)
Affected: Siemens SCALANCE X302-7 EEC (2x 24V, coated)
Affected: Siemens SCALANCE X304-2FE
Affected: Siemens SCALANCE X306-1LD FE
Affected: Siemens SCALANCE X307-2 EEC (230V)
Affected: Siemens SCALANCE X307-2 EEC (230V, coated)
Affected: Siemens SCALANCE X307-2 EEC (24V)
Affected: Siemens SCALANCE X307-2 EEC (24V, coated)
Affected: Siemens SCALANCE X307-2 EEC (2x 230V)
Affected: Siemens SCALANCE X307-2 EEC (2x 230V, coated)
Affected: Siemens SCALANCE X307-2 EEC (2x 24V)
Affected: Siemens SCALANCE X307-2 EEC (2x 24V, coated)
Affected: Siemens SCALANCE X307-3
Affected: Siemens SCALANCE X307-3LD
Affected: Siemens SCALANCE X308-2
Affected: Siemens SCALANCE X308-2LD
Affected: Siemens SCALANCE X308-2LH
Affected: Siemens SCALANCE X308-2LH+
Affected: Siemens SCALANCE X308-2M
Affected: Siemens SCALANCE X308-2M PoE
Affected: Siemens SCALANCE X308-2M TS
Affected: Siemens SCALANCE X310
Affected: Siemens SCALANCE X310FE
Affected: Siemens SCALANCE X320-1 FE
Affected: Siemens SCALANCE X320-1-2LD FE
Affected: Siemens SCALANCE X408-2
Affected: Siemens SCALANCE XR324-12M (230V, ports on front)
Affected: Siemens SCALANCE XR324-12M (230V, ports on rear)
Affected: Siemens SCALANCE XR324-12M (24V, ports on front)
Affected: Siemens SCALANCE XR324-12M (24V, ports on rear)
Affected: Siemens SCALANCE XR324-12M TS (24V)
Affected: Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)
Affected: Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)
Affected: Siemens SCALANCE XR324-4M EEC (24V, ports on front)
Affected: Siemens SCALANCE XR324-4M EEC (24V, ports on rear)
Affected: Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)
Affected: Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)
Affected: Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front)
Affected: Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear)
Affected: Siemens SCALANCE XR324-4M PoE (230V, ports on front)
Affected: Siemens SCALANCE XR324-4M PoE (230V, ports on rear)
Affected: Siemens SCALANCE XR324-4M PoE (24V, ports on front)
Affected: Siemens SCALANCE XR324-4M PoE (24V, ports on rear)
Affected: Siemens SCALANCE XR324-4M PoE TS (24V, ports on front)
Affected: Siemens SIPLUS NET SCALANCE X308-2

References

Link: https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf
Tags: patch, vendor advisory, mitigation

Frequently Asked Questions

What is the severity of CVE-2022-25751?
CVE-2022-25751 has been scored as a high severity vulnerability.
How to fix CVE-2022-25751?
To fix CVE-2022-25751, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2022-25751 being actively exploited in the wild?
It is possible that CVE-2022-25751 is being exploited or will be exploited in the near future, based on public information. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-25751?
CVE-2022-25751 affects Siemens SCALANCE X302-7 EEC (230V), Siemens SCALANCE X302-7 EEC (230V, coated), Siemens SCALANCE X302-7 EEC (24V), Siemens SCALANCE X302-7 EEC (24V, coated), Siemens SCALANCE X302-7 EEC (2x 230V), Siemens SCALANCE X302-7 EEC (2x 230V, coated), Siemens SCALANCE X302-7 EEC (2x 24V), Siemens SCALANCE X302-7 EEC (2x 24V, coated), Siemens SCALANCE X304-2FE, Siemens SCALANCE X306-1LD FE, Siemens SCALANCE X307-2 EEC (230V), Siemens SCALANCE X307-2 EEC (230V, coated), Siemens SCALANCE X307-2 EEC (24V), Siemens SCALANCE X307-2 EEC (24V, coated), Siemens SCALANCE X307-2 EEC (2x 230V), Siemens SCALANCE X307-2 EEC (2x 230V, coated), Siemens SCALANCE X307-2 EEC (2x 24V), Siemens SCALANCE X307-2 EEC (2x 24V, coated), Siemens SCALANCE X307-3, Siemens SCALANCE X307-3, Siemens SCALANCE X307-3LD, Siemens SCALANCE X307-3LD, Siemens SCALANCE X308-2, Siemens SCALANCE X308-2, Siemens SCALANCE X308-2LD, Siemens SCALANCE X308-2LD, Siemens SCALANCE X308-2LH, Siemens SCALANCE X308-2LH, Siemens SCALANCE X308-2LH+, Siemens SCALANCE X308-2LH+, Siemens SCALANCE X308-2M, Siemens SCALANCE X308-2M, Siemens SCALANCE X308-2M PoE, Siemens SCALANCE X308-2M PoE, Siemens SCALANCE X308-2M TS, Siemens SCALANCE X308-2M TS, Siemens SCALANCE X310, Siemens SCALANCE X310, Siemens SCALANCE X310FE, Siemens SCALANCE X310FE, Siemens SCALANCE X320-1 FE, Siemens SCALANCE X320-1-2LD FE, Siemens SCALANCE X408-2, Siemens SCALANCE XR324-12M (230V, ports on front), Siemens SCALANCE XR324-12M (230V, ports on front), Siemens SCALANCE XR324-12M (230V, ports on rear), Siemens SCALANCE XR324-12M (230V, ports on rear), Siemens SCALANCE XR324-12M (24V, ports on front), Siemens SCALANCE XR324-12M (24V, ports on front), Siemens SCALANCE XR324-12M (24V, ports on rear), Siemens SCALANCE XR324-12M (24V, ports on rear), Siemens SCALANCE XR324-12M TS (24V), Siemens SCALANCE XR324-12M TS (24V), Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), Siemens SCALANCE XR324-4M EEC 
(100-240VAC/60-250VDC, ports on front), Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), Siemens SCALANCE XR324-4M EEC (24V, ports on front), Siemens SCALANCE XR324-4M EEC (24V, ports on front), Siemens SCALANCE XR324-4M EEC (24V, ports on rear), Siemens SCALANCE XR324-4M EEC (24V, ports on rear), Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front), Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front), Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear), Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear), Siemens SCALANCE XR324-4M PoE (230V, ports on front), Siemens SCALANCE XR324-4M PoE (230V, ports on rear), Siemens SCALANCE XR324-4M PoE (24V, ports on front), Siemens SCALANCE XR324-4M PoE (24V, ports on rear), Siemens SCALANCE XR324-4M PoE TS (24V, ports on front), Siemens SIPLUS NET SCALANCE X308-2.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.