Buffer overflow in Siemens products - CVE-2022-26649
Published: July 14, 2022 / Updated: July 14, 2022
Vulnerability identifier: #VU65296
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-26649
CWE-ID: CWE-119
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
SCALANCE X200-4P IRT
SCALANCE X201-3P IRT
SCALANCE X201-3P IRT PRO
SCALANCE X202-2IRT
SCALANCE X202-2P IRT
SCALANCE X202-2P IRT PRO
SCALANCE X204IRT
SCALANCE X204IRT PRO
SCALANCE XF201-3P IRT
SCALANCE XF202-2P IRT
SCALANCE XF204-2BA IRT
SCALANCE XF204IRT
SCALANCE X204-2
SCALANCE X204-2FM
SCALANCE X204-2LD
SCALANCE X204-2LD TS
SCALANCE X204-2TS
SCALANCE X206-1
SCALANCE X206-1LD
SCALANCE X208
SCALANCE X208PRO
SCALANCE X212-2
SCALANCE X212-2LD
SCALANCE X216
SCALANCE X224
SCALANCE XF204
SCALANCE XF204-2
SCALANCE XF206-1
SCALANCE XF208
SCALANCE X200-4P IRT
SCALANCE X201-3P IRT
SCALANCE X201-3P IRT PRO
SCALANCE X202-2IRT
SCALANCE X202-2P IRT
SCALANCE X202-2P IRT PRO
SCALANCE X204IRT
SCALANCE X204IRT PRO
SCALANCE XF201-3P IRT
SCALANCE XF202-2P IRT
SCALANCE XF204-2BA IRT
SCALANCE XF204IRT
SCALANCE X204-2
SCALANCE X204-2FM
SCALANCE X204-2LD
SCALANCE X204-2LD TS
SCALANCE X204-2TS
SCALANCE X206-1
SCALANCE X206-1LD
SCALANCE X208
SCALANCE X208PRO
SCALANCE X212-2
SCALANCE X212-2LD
SCALANCE X216
SCALANCE X224
SCALANCE XF204
SCALANCE XF204-2
SCALANCE XF206-1
SCALANCE XF208
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the the URI of incoming HTTP GET requests. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.