CVE-2022-25754

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 60.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance X302-7eec Firmware Siemens Scalance X304-2fe Firmware Siemens Scalance X306-1ldfe Firmware +46 more

Timeline

PublishedApr 12

Latest updateApr 13

Description

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V),…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages49 packages

▶CVEListV5siemens/scalance_x307-2_eec_(230v)All versions < V4.1.4

▶CVEListV5siemens/scalance_x307-2_eec_(2x_230v)All versions < V4.1.4

▶NVDsiemens/scalance_xr324-12m_firmware< 4.1.4

▶NVDsiemens/scalance_xr324-12m_ts_firmware< 4.1.4

▶NVDsiemens/scalance_xr324-4m_eec_firmware< 4.1.4

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-pm3p-vw5f-jpj5: A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC↗2022-04-13

▶

CVEList

CVE-2022-25754: A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC↗2022-04-12

▶