VDB
ICSA-22-167-10
ICSA-22-167-10
PUBLISHED
CVSS 5.900000095367432 MEDIUM
SCALANCE XM-400 and XR-500 devices contain a vulnerability in the OSPF protocol implementation that could allow an unauthenticated remote attacker to cause interruptions in the network. Siemens has released updates for the affected products and recommends to update to the latest versions.
Risk Scores
CVSS v3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SCALANCE XM416-4C (L3 int.) | ||
| SCALANCE XR526-8C, 1x230V | ||
| SCALANCE XR524-8C, 2x230V | ||
| SCALANCE XR524-8C, 1x230V | ||
| SCALANCE XR524-8C, 24V | ||
| SCALANCE XR526-8C, 1x230V (L3 int.) | ||
| SCALANCE XR526-8C, 2x230V (L3 int.) | ||
| SCALANCE XR528-6M (2HR2) | ||
| SCALANCE XM408-8C | ||
| SCALANCE XM408-8C (L3 int.) | ||
| SCALANCE XR524-8C, 24V (L3 int.) | ||
| SCALANCE XR524-8C, 2x230V (L3 int.) | ||
| SCALANCE XM416-4C | ||
| SCALANCE XR528-6M | ||
| SCALANCE XR526-8C, 2x230V | ||
| SCALANCE XM408-4C (L3 int.) | ||
| SCALANCE XR526-8C, 24V | ||
| SCALANCE XR524-8C, 1x230V (L3 int.) | ||
| SCALANCE XM408-4C | ||
| SCALANCE XR526-8C, 24V (L3 int.) |
Timeline
- Jun 14, 2022 CVE Published
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-145224.json advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-145224.txt advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-167-10.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-167-10 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.industry.siemens.com/cs/ww/en/view/109809635/ fix