CVE-2022-36323

Description

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.1 Critical

Impact Score:

Exploitability Score:

2.3

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

High

User Interaction (UI):

None

Scope (S):

Changed

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

RUGGEDCOM RM1224 LTE(4G) EU All versions < V7.1.2

RUGGEDCOM RM1224 LTE(4G) NAM All versions < V7.1.2

SCALANCE M804PB All versions < V7.1.2

SCALANCE M812-1 ADSL-Router (Annex A) All versions < V7.1.2

SCALANCE M812-1 ADSL-Router (Annex B) All versions < V7.1.2

SCALANCE M816-1 ADSL-Router (Annex A) All versions < V7.1.2

SCALANCE M816-1 ADSL-Router (Annex B) All versions < V7.1.2

SCALANCE M826-2 SHDSL-Router All versions < V7.1.2

SCALANCE M874-2 All versions < V7.1.2

SCALANCE M874-3 All versions < V7.1.2

SCALANCE M876-3 (EVDO) All versions < V7.1.2

SCALANCE M876-3 (ROK) All versions < V7.1.2

SCALANCE M876-4 (EU) All versions < V7.1.2

SCALANCE M876-4 (NAM) All versions < V7.1.2

SCALANCE MUM853-1 (EU) All versions < V7.1.2

SCALANCE MUM856-1 (EU) All versions < V7.1.2

SCALANCE MUM856-1 (RoW) All versions < V7.1.2

SCALANCE S615 All versions < V7.1.2

SCALANCE SC622-2C All versions < V2.3.1

SCALANCE SC626-2C All versions < V2.3.1

SCALANCE SC632-2C All versions < V2.3.1

SCALANCE SC636-2C All versions < V2.3.1

SCALANCE SC642-2C All versions < V2.3.1

SCALANCE SC646-2C All versions < V2.3.1

SCALANCE W1748-1 M12 All versions

SCALANCE W1788-1 M12 All versions

SCALANCE W1788-2 EEC M12 All versions

SCALANCE W1788-2 M12 All versions

SCALANCE W1788-2IA M12 All versions

SCALANCE W721-1 RJ45 All versions

SCALANCE W722-1 RJ45 All versions

SCALANCE W734-1 RJ45 All versions

SCALANCE W734-1 RJ45 (USA) All versions

SCALANCE W738-1 M12 All versions

SCALANCE W748-1 M12 All versions

SCALANCE W748-1 RJ45 All versions

SCALANCE W761-1 RJ45 All versions

SCALANCE W774-1 M12 EEC All versions

SCALANCE W774-1 RJ45 All versions

SCALANCE W774-1 RJ45 (USA) All versions

SCALANCE W778-1 M12 All versions

SCALANCE W778-1 M12 EEC All versions

SCALANCE W778-1 M12 EEC (USA) All versions

SCALANCE W786-1 RJ45 All versions

SCALANCE W786-2 RJ45 All versions

SCALANCE W786-2 SFP All versions

SCALANCE W786-2IA RJ45 All versions

SCALANCE W788-1 M12 All versions

SCALANCE W788-1 RJ45 All versions

SCALANCE W788-2 M12 All versions

SCALANCE W788-2 M12 EEC All versions

SCALANCE W788-2 RJ45 All versions

SCALANCE WAM763-1 All versions < V2.0

SCALANCE WAM766-1 (EU) All versions < V2.0

SCALANCE WAM766-1 (US) All versions < V2.0

SCALANCE WAM766-1 EEC (EU) All versions < V2.0

SCALANCE WAM766-1 EEC (US) All versions < V2.0

SCALANCE WUM763-1 All versions < V2.0

SCALANCE WUM766-1 (EU) All versions < V2.0

SCALANCE WUM766-1 (US) All versions < V2.0

SCALANCE XB205-3 (SC, PN) All versions < V4.4

SCALANCE XB205-3 (ST, E/IP) All versions < V4.4

SCALANCE XB205-3 (ST, PN) All versions < V4.4

SCALANCE XB205-3LD (SC, E/IP) All versions < V4.4

SCALANCE XB205-3LD (SC, PN) All versions < V4.4

SCALANCE XB208 (E/IP) All versions < V4.4

SCALANCE XB208 (PN) All versions < V4.4

SCALANCE XB213-3 (SC, E/IP) All versions < V4.4

SCALANCE XB213-3 (SC, PN) All versions < V4.4

SCALANCE XB213-3 (ST, E/IP) All versions < V4.4

SCALANCE XB213-3 (ST, PN) All versions < V4.4

SCALANCE XB213-3LD (SC, E/IP) All versions < V4.4

SCALANCE XB213-3LD (SC, PN) All versions < V4.4

SCALANCE XB216 (E/IP) All versions < V4.4

SCALANCE XB216 (PN) All versions < V4.4

SCALANCE XC206-2 (SC) All versions < V4.4

SCALANCE XC206-2 (ST/BFOC) All versions < V4.4

SCALANCE XC206-2G PoE All versions < V4.4

SCALANCE XC206-2G PoE (54 V DC) All versions < V4.4

SCALANCE XC206-2G PoE EEC (54 V DC) All versions < V4.4

SCALANCE XC206-2SFP All versions < V4.4

SCALANCE XC206-2SFP EEC All versions < V4.4

SCALANCE XC206-2SFP G All versions < V4.4

SCALANCE XC206-2SFP G (EIP DEF.) All versions < V4.4

SCALANCE XC206-2SFP G EEC All versions < V4.4

SCALANCE XC208 All versions < V4.4

SCALANCE XC208EEC All versions < V4.4

SCALANCE XC208G All versions < V4.4

SCALANCE XC208G (EIP def.) All versions < V4.4

SCALANCE XC208G EEC All versions < V4.4

SCALANCE XC208G PoE All versions < V4.4

SCALANCE XC208G PoE (54 V DC) All versions < V4.4

SCALANCE XC216 All versions < V4.4

SCALANCE XC216-3G PoE All versions < V4.4

SCALANCE XC216-3G PoE (54 V DC) All versions < V4.4

SCALANCE XC216-4C All versions < V4.4

SCALANCE XC216-4C G All versions < V4.4

SCALANCE XC216-4C G (EIP Def.) All versions < V4.4

SCALANCE XC216-4C G EEC All versions < V4.4

SCALANCE XC216EEC All versions < V4.4

SCALANCE XC224 All versions < V4.4

SCALANCE XC224-4C G All versions < V4.4

SCALANCE XC224-4C G (EIP Def.) All versions < V4.4

SCALANCE XC224-4C G EEC All versions < V4.4

SCALANCE XF204 All versions < V4.4

SCALANCE XF204 DNA All versions < V4.4

SCALANCE XF204-2BA All versions < V4.4

SCALANCE XF204-2BA DNA All versions < V4.4

SCALANCE XM408-4C All versions < V6.6

SCALANCE XM408-4C (L3 int.) All versions < V6.6

SCALANCE XM408-8C All versions < V6.6

SCALANCE XM408-8C (L3 int.) All versions < V6.6

SCALANCE XM416-4C All versions < V6.6

SCALANCE XM416-4C (L3 int.) All versions < V6.6

SCALANCE XP208 All versions < V4.4

SCALANCE XP208 (Ethernet/IP) All versions < V4.4

SCALANCE XP208EEC All versions < V4.4

SCALANCE XP208PoE EEC All versions < V4.4

SCALANCE XP216 All versions < V4.4

SCALANCE XP216 (Ethernet/IP) All versions < V4.4

SCALANCE XP216EEC All versions < V4.4

SCALANCE XP216POE EEC All versions < V4.4

SCALANCE XR324WG (24 x FE, AC 230V) All versions < V4.4

SCALANCE XR324WG (24 X FE, DC 24V) All versions < V4.4

SCALANCE XR326-2C PoE WG All versions < V4.4

SCALANCE XR326-2C PoE WG (without UL) All versions < V4.4

SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) All versions < V4.4

SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) All versions < V4.4

SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) All versions < V4.4

SCALANCE XR328-4C WG (28xGE, AC 230V) All versions < V4.4

SCALANCE XR328-4C WG (28xGE, DC 24V) All versions < V4.4

SCALANCE XR524-8C, 1x230V All versions < V6.6

SCALANCE XR524-8C, 1x230V (L3 int.) All versions < V6.6

SCALANCE XR524-8C, 24V All versions < V6.6

SCALANCE XR524-8C, 24V (L3 int.) All versions < V6.6

SCALANCE XR524-8C, 2x230V All versions < V6.6

SCALANCE XR524-8C, 2x230V (L3 int.) All versions < V6.6

SCALANCE XR526-8C, 1x230V All versions < V6.6

SCALANCE XR526-8C, 1x230V (L3 int.) All versions < V6.6

SCALANCE XR526-8C, 24V All versions < V6.6

SCALANCE XR526-8C, 24V (L3 int.) All versions < V6.6

SCALANCE XR526-8C, 2x230V All versions < V6.6

SCALANCE XR526-8C, 2x230V (L3 int.) All versions < V6.6

SCALANCE XR528-6M All versions < V6.6

SCALANCE XR528-6M (2HR2, L3 int.) All versions < V6.6

SCALANCE XR528-6M (2HR2) All versions < V6.6

SCALANCE XR528-6M (L3 int.) All versions < V6.6

SCALANCE XR552-12M All versions < V6.6

SCALANCE XR552-12M (2HR2, L3 int.) All versions < V6.6

SCALANCE XR552-12M (2HR2) All versions < V6.6

SIPLUS NET SCALANCE XC206-2 All versions < V4.4

SIPLUS NET SCALANCE XC206-2SFP All versions < V4.4

SIPLUS NET SCALANCE XC208 All versions < V4.4

SIPLUS NET SCALANCE XC216-4C All versions < V4.4

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

siemens

Products

References

Canonical

CVE-2022-36323 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36323)

Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf

Rapid7

Unknown

Unknown

Unknown

None

High

Network

CVE-2022-36323

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2022-36323

Unknown

Unknown

None

High

Network

CVE-2022-36323

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification