CVE-2022-36323

CRITICAL

Published 2022-08-10T11:18:33.000Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-36323. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

9.1

/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.001

probability

of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.225

Higher than 22.5% of all CVEs

Attack Vector Metrics

Attack Vector

Not Available

Attack Complexity

Not Available

Privileges Required

Not Available

User Interaction

Not Available

Scope

Not Available

Impact Metrics

Confidentiality

Not Available

Integrity

Not Available

Availability

Not Available

Description

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Siemens

SCALANCE M812-1 ADSL-Router (Annex A)

Affected Versions:

All versions < V7.1.2

Siemens

SCALANCE M812-1 ADSL-Router (Annex B)

Affected Versions:

All versions < V7.1.2

Siemens

SCALANCE M816-1 ADSL-Router (Annex A)

Affected Versions:

All versions < V7.1.2

Siemens

SCALANCE M816-1 ADSL-Router (Annex B)

Affected Versions:

All versions < V7.1.2

Siemens

SCALANCE XC206-2G PoE (54 V DC)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XC206-2G PoE EEC (54 V DC)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XC206-2SFP G (EIP DEF.)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XC216-3G PoE (54 V DC)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XC216-4C G (EIP Def.)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XC224-4C G (EIP Def.)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XR324WG (24 x FE, AC 230V)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XR324WG (24 X FE, DC 24V)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XR326-2C PoE WG (without UL)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XR328-4C WG (28xGE, AC 230V)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XR328-4C WG (28xGE, DC 24V)

Affected Versions:

All versions < V4.4

Siemens

SCALANCE XR524-8C, 1x230V (L3 int.)

Affected Versions:

All versions < V6.6

Siemens

SCALANCE XR524-8C, 24V (L3 int.)

Affected Versions:

All versions < V6.6

Siemens

SCALANCE XR524-8C, 2x230V (L3 int.)

Affected Versions:

All versions < V6.6

Siemens

SCALANCE XR526-8C, 1x230V (L3 int.)

Affected Versions:

All versions < V6.6

Siemens

SCALANCE XR526-8C, 24V (L3 int.)

Affected Versions:

All versions < V6.6

Siemens

SCALANCE XR526-8C, 2x230V (L3 int.)

Affected Versions:

All versions < V6.6

Siemens

SCALANCE XR528-6M (2HR2, L3 int.)

Affected Versions:

All versions < V6.6

Siemens

SCALANCE XR552-12M (2HR2, L3 int.)

Affected Versions:

All versions < V6.6

Siemens

SIPLUS NET SCALANCE XC206-2SFP

Affected Versions:

All versions < V4.4

Siemens

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-qj75-j4wq-j748

Advisory Details

A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-36323

WEB https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf

Advisory provided by GitHub Security Advisory Database. Published: August 11, 2022, Modified: August 18, 2022

References

https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf

Published: 2022-08-10T11:18:33.000Z

Last Modified: 2025-05-20T19:08:26.770Z

Copied to clipboard!