Missing Authorization in Siemens SCALANCE and RUGGEDCOM Products



Published: 2022-10-13
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-31765
CWE-ID CWE-862
Exploitation vector Network
Public exploit N/A
Vulnerable software
SCALANCE SC622-2C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE SC632-2C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE SC636-2C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE SC642-2C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE SC646-2C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W721-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W722-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W734-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W738-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W748-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W748-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W761-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W774-1 M12 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W774-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W778-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W778-1 M12 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W786-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W786-2 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W786-2 SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W786-2IA RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-1 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-2 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-2 M12 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W788-2 RJ45
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1748-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-2 EEC M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-2 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-2IA M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM763-1
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM766-1
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM766-1 6GHz
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WAM766-1 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WUM763-1
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WUM766-1
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE WUM766-1 6GHz
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB205-3
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB205-3LD
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB208
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB213-3
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB213-3LD
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB216
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2G PoE
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2G PoE EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2SFP EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2SFP G
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC206-2SFP G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC208
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC208EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC208G
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC208G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC208G PoE
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216-3G PoE
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216-4C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216-4C G
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216-4C G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC216EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC224
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC224-4C G
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC224-4C G EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XF204
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XF204 DNA
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XF204-2BA
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XF204-2BA DNA
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XM408-4C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XM408-8C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XM416-4C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP208
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP208EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP208PoE EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP216
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP216EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP216POE EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR324WG
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR326-2C PoE WG
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR328-4C WG
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR524-8C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR526-8C
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR528-6M
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XR552-12M
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIPLUS NET SCALANCE XC206-2
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIPLUS NET SCALANCE XC206-2SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIPLUS NET SCALANCE XC208
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIPLUS NET SCALANCE XC216-4C
Hardware solutions / Routers & switches, VoIP, GSM, etc

RUGGEDCOM RM1224 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M804PB
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M812-1 ADSL-Router (Annex A)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M812-1 ADSL-Router (Annex B)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M816-1 ADSL-Router (Annex A)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M816-1 ADSL-Router (Annex B)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M826-2 SHDSL-Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M874-2
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M874-3
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M876-3
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M876-4
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE MUM853-1
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE MUM856-1
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Siemens

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Missing Authorization

EUVDB-ID: #VU68289

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-31765

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because the affected device does not properly authorize the change password function of the web interface. A remote user can bypass authorization and escalate their privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

SCALANCE SC622-2C: All versions

SCALANCE SC632-2C: All versions

SCALANCE SC636-2C: All versions

SCALANCE SC642-2C: All versions

SCALANCE SC646-2C: All versions

SCALANCE W721-1 RJ45: All versions

SCALANCE W722-1 RJ45: All versions

SCALANCE W734-1 RJ45: All versions

SCALANCE W738-1 M12: All versions

SCALANCE W748-1 M12: All versions

SCALANCE W748-1 RJ45: All versions

SCALANCE W761-1 RJ45: All versions

SCALANCE W774-1 M12 EEC: All versions

SCALANCE W774-1 RJ45: All versions

SCALANCE W778-1 M12: All versions

SCALANCE W778-1 M12 EEC: All versions

SCALANCE W786-1 RJ45: All versions

SCALANCE W786-2 RJ45: All versions

SCALANCE W786-2 SFP: All versions

SCALANCE W786-2IA RJ45: All versions

SCALANCE W788-1 M12: All versions

SCALANCE W788-1 RJ45: All versions

SCALANCE W788-2 M12: All versions

SCALANCE W788-2 M12 EEC: All versions

SCALANCE W788-2 RJ45: All versions

SCALANCE W1748-1 M12: All versions

SCALANCE W1788-1 M12: All versions

SCALANCE W1788-2 EEC M12: All versions

SCALANCE W1788-2 M12: All versions

SCALANCE W1788-2IA M12: All versions

SCALANCE WAM763-1: All versions

SCALANCE WAM766-1: All versions

SCALANCE WAM766-1 6GHz: All versions

SCALANCE WAM766-1 EEC: All versions

SCALANCE WUM763-1: All versions

SCALANCE WUM766-1: All versions

SCALANCE WUM766-1 6GHz: All versions

SCALANCE XB205-3: All versions

SCALANCE XB205-3LD: All versions

SCALANCE XB208: All versions

SCALANCE XB213-3: All versions

SCALANCE XB213-3LD: All versions

SCALANCE XB216: All versions

SCALANCE XC206-2: All versions

SCALANCE XC206-2G PoE: All versions

SCALANCE XC206-2G PoE EEC: All versions

SCALANCE XC206-2SFP: All versions

SCALANCE XC206-2SFP EEC: All versions

SCALANCE XC206-2SFP G: All versions

SCALANCE XC206-2SFP G EEC: All versions

SCALANCE XC208: All versions

SCALANCE XC208EEC: All versions

SCALANCE XC208G: All versions

SCALANCE XC208G EEC: All versions

SCALANCE XC208G PoE: All versions

SCALANCE XC216: All versions

SCALANCE XC216-3G PoE: All versions

SCALANCE XC216-4C: All versions

SCALANCE XC216-4C G: All versions

SCALANCE XC216-4C G EEC: All versions

SCALANCE XC216EEC: All versions

SCALANCE XC224: All versions

SCALANCE XC224-4C G: All versions

SCALANCE XC224-4C G EEC: All versions

SCALANCE XF204: All versions

SCALANCE XF204 DNA: All versions

SCALANCE XF204-2BA: All versions

SCALANCE XF204-2BA DNA: All versions

SCALANCE XM408-4C: All versions

SCALANCE XM408-8C: All versions

SCALANCE XM416-4C: All versions

SCALANCE XP208: All versions

SCALANCE XP208EEC: All versions

SCALANCE XP208PoE EEC: All versions

SCALANCE XP216: All versions

SCALANCE XP216EEC: All versions

SCALANCE XP216POE EEC: All versions

SCALANCE XR324WG: All versions

SCALANCE XR326-2C PoE WG: All versions

SCALANCE XR328-4C WG: All versions

SCALANCE XR524-8C: All versions

SCALANCE XR526-8C: All versions

SCALANCE XR528-6M: All versions

SCALANCE XR552-12M: All versions

SIPLUS NET SCALANCE XC206-2: All versions

SIPLUS NET SCALANCE XC206-2SFP: All versions

SIPLUS NET SCALANCE XC208: All versions

SIPLUS NET SCALANCE XC216-4C: All versions

RUGGEDCOM RM1224 LTE: before 7.1.2

SCALANCE M804PB: before 7.1.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.1.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.1.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.1.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.1.2

SCALANCE M826-2 SHDSL-Router: before 7.1.2

SCALANCE M874-2: before 7.1.2

SCALANCE M874-3: before 7.1.2

SCALANCE M876-3: before 7.1.2

SCALANCE M876-4: before 7.1.2

SCALANCE MUM853-1: before 7.1.2

SCALANCE MUM856-1: before 7.1.2


External links

http://cert-portal.siemens.com/productcert/pdf/ssa-552702.pdf
