CVE-2022-40631 - Vulnerability Details

Description

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking.

Published: 2022-10-11

Score: 6.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Siemens

SCALANCE X200-4P IRT

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Siemens

SCALANCE X201-3P IRT

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Siemens

SCALANCE X201-3P IRT PRO

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Siemens

SCALANCE X202-2IRT

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Siemens

SCALANCE X202-2P IRT

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Siemens

SCALANCE X202-2P IRT PRO

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Siemens

SCALANCE X204-2

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE X204-2FM

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE X204-2LD

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE X204-2LD TS

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE X204-2TS

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE X204IRT

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Siemens

SCALANCE X204IRT PRO

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Siemens

SCALANCE X206-1

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE X206-1LD

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE X208

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE X208PRO

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE X212-2

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE X212-2LD

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE X216

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE X224

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE XF201-3P IRT

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Siemens

SCALANCE XF202-2P IRT

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Siemens

SCALANCE XF204

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE XF204-2

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE XF204-2BA IRT

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Siemens

SCALANCE XF204IRT

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Siemens

SCALANCE XF206-1

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SCALANCE XF208

affected

Version	Status	Constraints
`All versions < V5.2.5`	affected	—

Siemens

SIPLUS NET SCALANCE X202-2P IRT

affected

Version	Status	Constraints
`All versions < V5.5.0`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:siemens:scalance_x204irt_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204irt_pro:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:siemens:scalance_x208pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x208pro:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:siemens:siplus_net_scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:siplus_net_scalance_x202-2p_irt:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-43905	A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00669.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf

History

No history.

Subscriptions

Siemens Scalance X200-4p Irt Scalance X200-4p Irt Firmware Scalance X201-3p Irt Scalance X201-3p Irt Firmware Scalance X201-3p Irt Pro Scalance X201-3p Irt Pro Firmware Scalance X202-2irt Scalance X202-2irt Firmware Scalance X202-2p Irt Scalance X202-2p Irt Firmware Scalance X202-2p Irt Pro Scalance X202-2p Irt Pro Firmware Scalance X204-2 Scalance X204-2 Firmware Scalance X204-2fm Scalance X204-2fm Firmware Scalance X204-2ld Scalance X204-2ld Firmware Scalance X204-2ld Ts Scalance X204-2ld Ts Firmware Scalance X204-2ts Scalance X204-2ts Firmware Scalance X204irt Scalance X204irt Firmware Scalance X204irt Pro Scalance X204irt Pro Firmware Scalance X206-1 Scalance X206-1 Firmware Scalance X206-1ld Scalance X206-1ld Firmware Scalance X208 Scalance X208 Firmware Scalance X208pro Scalance X208pro Firmware Scalance X212-2 Scalance X212-2 Firmware Scalance X212-2ld Scalance X212-2ld Firmware Scalance X216 Scalance X216 Firmware Scalance X224 Scalance X224 Firmware Scalance Xf201-3p Irt Scalance Xf201-3p Irt Firmware Scalance Xf202-2p Irt Scalance Xf202-2p Irt Firmware Scalance Xf204 Scalance Xf204-2 Scalance Xf204-2 Firmware Scalance Xf204-2ba Irt Scalance Xf204-2ba Irt Firmware Scalance Xf204 Firmware Scalance Xf204irt Scalance Xf204irt Firmware Scalance Xf206-1 Scalance Xf206-1 Firmware Scalance Xf208 Scalance Xf208 Firmware Siplus Net Scalance X202-2p Irt Siplus Net Scalance X202-2p Irt Firmware

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-10-11T00:00:00.000Z

Updated: 2024-08-03T12:21:46.592Z

Reserved: 2022-09-13T00:00:00.000Z

Link: CVE-2022-40631

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-11T11:15:10.997

Modified: 2024-11-21T07:21:44.787

Link: CVE-2022-40631

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object