ICSA-22-349-18 — Vulnetix

ICSA-22-349-18 PUBLISHED CVSS 7.5 HIGH

Multiple vulnerabilities affecting various third-party components of the SCALANCE SC-600 family could allow an attacker to cause a denial of service condition, corrupt memory or potentially execute custom code. Siemens has released updates for the affected products and recommends to update to the latest versions.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	SCALANCE SC636-2C (6GK5636-2GS00-2AC2)
	SCALANCE SC646-2C (6GK5646-2GS00-2AC2)
	SCALANCE SC632-2C (6GK5632-2GS00-2AC2)
	SCALANCE SC642-2C (6GK5642-2GS00-2AC2)
	SCALANCE SC622-2C (6GK5622-2GS00-2AC2)
	SCALANCE SC626-2C (6GK5626-2GS00-2AC2)

Exploit Intelligence

https://cert-portal.siemens.com/productcert/csaf/ssa-333517.json (circl)
https://cert-portal.siemens.com/productcert/txt/ssa-333517.txt (circl)
https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf (circl)
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-349-18.json (circl)
https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-18 (circl)
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 (circl)
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices (circl)
https://www.cisa.gov/topics/industrial-control-systems (circl)
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf (circl)
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf (circl)

…and 2 more exploits

Timeline

Dec 13, 2022 CVE Published

References

https://cert-portal.siemens.com/productcert/csaf/ssa-333517.json advisory
https://cert-portal.siemens.com/productcert/txt/ssa-333517.txt advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-349-18.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-18 advisory
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
https://www.cisa.gov/topics/industrial-control-systems url
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
https://support.industry.siemens.com/cs/ww/en/view/109814276/ fix

Open in Interactive Console →