SSA-806742 — Vulnetix

SSA-806742 PUBLISHED CVSS 7.5 HIGH

SCALANCE XCM-/XRM-300 before V2.4 is affected by multiple vulnerabilities. Siemens has released an update for SCALANCE X-300 and recommends to update to the latest version.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	SCALANCE XCM332 (6GK5332-0GA01-2AC2)
	SCALANCE XCH328 (6GK5328-4TS01-2EC2)
	SCALANCE XCM324 (6GK5324-8TS01-2AC2)
	SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
	SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
	SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
	SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
	SCALANCE XCM328 (6GK5328-4TS01-2AC2)
	SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
	SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
	SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)

Exploit Intelligence

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE project by @Sn0wAlice (github-poc)
https://cert-portal.siemens.com/productcert/html/ssa-806742.html (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-806742.json (circl)
https://cert-portal.siemens.com/productcert/pdf/ssa-806742.pdf (circl)
https://cert-portal.siemens.com/productcert/txt/ssa-806742.txt (circl)
https://support.industry.siemens.com/cs/ww/en/view/109826613/ (circl)
rules.yar (github-yara)

Timeline

CVE Published
Apr 28, 2025 PoC Published

References

Open in Interactive Console →