CVE-2022-25751

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGH
EPSS
1.9%
top 16.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
49
Siemens Scalance X302-7eec FirmwareSiemens Scalance X304-2fe FirmwareSiemens Scalance X306-1ldfe Firmware+46 more
Timeline
PublishedApr 12
Latest updateApr 13

Description

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V),

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages49 packages

CVEListV5siemens/scalance_x307-2_eec_(230v)All versions < V4.1.4
CVEListV5siemens/scalance_x307-2_eec_(2x_230v)All versions < V4.1.4

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-qcmj-54xw-47h8: A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC2022-04-13
CVEList
CVE-2022-25751: A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC2022-04-12