ICSA-22-223-07
PUBLISHED
CVSS 9.1 CRITICAL
SCALANCE devices contain multiple vulnerabilities in MSPS-based product lines that could allow authenticated remote attackers to execute custom code or create an XSS situation, and unauthenticated remote attackers to create a denial-of-service condition. Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet, available.
Risk Scores
CVSS v3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | SCALANCE S615 (6GK5615-0AA00-2AA2) | |
| | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) | |
| | SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) | |
| | SCALANCE M804PB (6GK5804-0AP00-2AA2) | |
| | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) | |
| | SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) | |
| | SCALANCE M874-2 (6GK5874-2AA00-2AA2) | |
| | SCALANCE M874-3 (6GK5874-3AA00-2AA2) | |
| | RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) | |
| | SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) | |
| | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) | |
| | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) | |
| | SCALANCE SC622-2C (6GK5622-2GS00-2AC2) | |
| | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) | |
| | SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) | |
| | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) | |
| | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) | |
| | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) | |
| | SCALANCE SC626-2C (6GK5626-2GS00-2AC2) | |
| | SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) | |
Timeline
- Aug 9, 2022 CVE Published
- Oct 10, 2023 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-710008.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-710008.html advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-710008.txt advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-223-07.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-223-07 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.industry.siemens.com/cs/ww/en/view/109815650/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109810992/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109817768/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109818003/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109813051/ fix