CVE-2022-40631 - OpenCVE

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Scalance X200-4p Irt Scalance X200-4p Irt Firmware Scalance X201-3p Irt Scalance X201-3p Irt Firmware Scalance X201-3p Irt Pro Scalance X201-3p Irt Pro Firmware Scalance X202-2irt Scalance X202-2irt Firmware Scalance X202-2p Irt Scalance X202-2p Irt Firmware Scalance X202-2p Irt Pro Scalance X202-2p Irt Pro Firmware Scalance X204-2 Scalance X204-2 Firmware Scalance X204-2fm Scalance X204-2fm Firmware Scalance X204-2ld Scalance X204-2ld Firmware Scalance X204-2ld Ts Scalance X204-2ld Ts Firmware Scalance X204-2ts Scalance X204-2ts Firmware Scalance X204irt Scalance X204irt Firmware Scalance X204irt Pro Scalance X204irt Pro Firmware Scalance X206-1 Scalance X206-1 Firmware Scalance X206-1ld Scalance X206-1ld Firmware Scalance X208 Scalance X208 Firmware Scalance X208pro Scalance X208pro Firmware Scalance X212-2 Scalance X212-2 Firmware Scalance X212-2ld Scalance X212-2ld Firmware Scalance X216 Scalance X216 Firmware Scalance X224 Scalance X224 Firmware Scalance Xf201-3p Irt Scalance Xf201-3p Irt Firmware Scalance Xf202-2p Irt Scalance Xf202-2p Irt Firmware Scalance Xf204 Scalance Xf204-2 Scalance Xf204-2 Firmware Scalance Xf204-2ba Irt Scalance Xf204-2ba Irt Firmware Scalance Xf204 Firmware Scalance Xf204irt Scalance Xf204irt Firmware Scalance Xf206-1 Scalance Xf206-1 Firmware Scalance Xf208 Scalance Xf208 Firmware Siplus Net Scalance X202-2p Irt Siplus Net Scalance X202-2p Irt Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:siemens:scalance_x208pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x208pro:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:siemens:siplus_net_scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:siplus_net_scalance_x202-2p_irt:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-10-11T00:00:00

Updated: 2024-08-03T12:21:46.592Z

Reserved: 2022-09-13T00:00:00

Link: CVE-2022-40631

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-10-11T11:15:10.997

Modified: 2022-10-14T17:07:54.777

Link: CVE-2022-40631

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object