CVE-2022-36324

CWE-770 — Allocation without Limits3 documents3 sources

Severity

7.5HIGH

EPSS

1.1%

top 22.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

122

Siemens Ruggedcom Rm1224 Lte(4g) EU Siemens Ruggedcom Rm1224 Lte(4g) NAM Siemens Scalance M804pb +119 more

Timeline

PublishedAug 10

Latest updateAug 11

Description

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages122 packages

▶CVEListV5siemens/scalance_s615All versions < V7.1.2

▶CVEListV5siemens/scalance_xc208All versions < V4.4

▶CVEListV5siemens/scalance_xc216All versions < V4.4

▶CVEListV5siemens/scalance_xc224All versions < V4.4

▶CVEListV5siemens/scalance_xf204All versions < V4.4

🔴Vulnerability Details

GHSA

GHSA-hm3h-qvm3-r8qv: A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE W-1700 IEEE 802↗2022-08-11

▶

CVEList

CVE-2022-36324: Affected devices do not properly handle the renegotiation of SSL/TLS parameters↗2022-08-10

▶