CVE-2022-36323

CWE-743 documents3 sources
Severity
7.2HIGH
EPSS
0.5%
top 32.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
128
Siemens Scalance Sc-600 FirmwareSiemens Scalance Sc622-2c FirmwareSiemens Scalance Sc632-2c Firmware+125 more
Timeline
PublishedAug 10
Latest updateAug 11

Description

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages128 packages

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-qj75-j4wq-j748: A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V22022-08-11
CVEList
CVE-2022-36323: Affected devices do not properly sanitize an input field2022-08-10