Description
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
Published: 2022-07-12
Score: 8.8 High
EPSS: 1.5% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-31201 A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00537}

 epss

{'score': 0.01206}

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00694}

 epss

{'score': 0.00537}

Mon, 21 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Siemens Scalance X200-4p Irt Scalance X200-4p Irt Firmware Scalance X201-3p Irt Scalance X201-3p Irt Firmware Scalance X201-3p Irt Pro Scalance X201-3p Irt Pro Firmware Scalance X202-2irt Scalance X202-2irt Firmware Scalance X202-2p Irt Scalance X202-2p Irt Firmware Scalance X202-2p Irt Pro Scalance X202-2p Irt Pro Firmware Scalance X204-2 Scalance X204-2 Firmware Scalance X204-2fm Scalance X204-2fm Firmware Scalance X204-2ld Scalance X204-2ld Firmware Scalance X204-2ld Ts Scalance X204-2ld Ts Firmware Scalance X204-2ts Scalance X204-2ts Firmware Scalance X204irt Scalance X204irt Firmware Scalance X204irt Pro Scalance X204irt Pro Firmware Scalance X206-1 Scalance X206-1 Firmware Scalance X206-1ld Scalance X206-1ld Firmware Scalance X208 Scalance X208 Firmware Scalance X208 Pro Scalance X208 Pro Firmware Scalance X212-2 Scalance X212-2 Firmware Scalance X212-2ld Scalance X212-2ld Firmware Scalance X216 Scalance X216 Firmware Scalance X224 Scalance X224 Firmware Scalance Xf201-3p Irt Scalance Xf201-3p Irt Firmware Scalance Xf202-2p Irt Scalance Xf202-2p Irt Firmware Scalance Xf204 Scalance Xf204-2 Scalance Xf204-2 Firmware Scalance Xf204-2ba Irt Scalance Xf204-2ba Irt Firmware Scalance Xf204 Firmware Scalance Xf204irt Scalance Xf204irt Firmware Scalance Xf206-1 Scalance Xf206-1 Firmware Scalance Xf208 Scalance Xf208 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2025-04-21T13:52:17.065Z

Reserved: 2022-03-07T00:00:00.000Z

Link: CVE-2022-26647

cve-icon Vulnrichment

Updated: 2024-08-03T05:11:43.345Z

cve-icon NVD

Status : Modified

Published: 2022-07-12T10:15:10.257

Modified: 2024-11-21T06:54:15.023

Link: CVE-2022-26647

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses