CVE-2022-26648: CVE-2022-26648

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-26648

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Siemens SCALANCE 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Siemens SCALANCE是德国西门子（Siemens）公司的一系列以太网交换机。可连接到工业控制系统 (ICS) 设备，包括可编程逻辑控制器 (PLC) 和人机界面 (HMI) 系统。 Siemens SCALANCE多款产品存在安全漏洞，该漏洞源于未正确验证传入 HTTP 请求的 GET 参数 XNo。以下产品及版本受到影响：SCALANCE X204IRT PRO所有版本、SCALANCE X206-1 V5.2.6之前版本、SCALANCE X206-1LD V5.2.6之前版本、SCALA

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Siemens	SCALANCE X200-4P IRT	All versions < V5.5.2	-
Siemens	SCALANCE X201-3P IRT	All versions < V5.5.2	-
Siemens	SCALANCE X201-3P IRT PRO	All versions < V5.5.2	-
Siemens	SCALANCE X202-2IRT	All versions < V5.5.2	-
Siemens	SCALANCE X202-2IRT	All versions < V5.5.2	-
Siemens	SCALANCE X202-2P IRT	All versions < V5.5.2	-
Siemens	SCALANCE X202-2P IRT PRO	All versions < V5.5.2	-
Siemens	SCALANCE X204-2	All versions < V5.2.6	-
Siemens	SCALANCE X204-2FM	All versions < V5.2.6	-
Siemens	SCALANCE X204-2LD	All versions < V5.2.6	-
Siemens	SCALANCE X204-2LD TS	All versions < V5.2.6	-
Siemens	SCALANCE X204-2TS	All versions < V5.2.6	-
Siemens	SCALANCE X204IRT	All versions < V5.5.2	-
Siemens	SCALANCE X204IRT	All versions < V5.5.2	-
Siemens	SCALANCE X204IRT PRO	All versions < V5.5.2	-
Siemens	SCALANCE X206-1	All versions < V5.2.6	-
Siemens	SCALANCE X206-1LD	All versions < V5.2.6	-
Siemens	SCALANCE X208	All versions < V5.2.6	-
Siemens	SCALANCE X208PRO	All versions < V5.2.6	-
Siemens	SCALANCE X212-2	All versions < V5.2.6	-
Siemens	SCALANCE X212-2LD	All versions < V5.2.6	-
Siemens	SCALANCE X216	All versions < V5.2.6	-
Siemens	SCALANCE X224	All versions < V5.2.6	-
Siemens	SCALANCE XF201-3P IRT	All versions < V5.5.2	-
Siemens	SCALANCE XF202-2P IRT	All versions < V5.5.2	-
Siemens	SCALANCE XF204	All versions < V5.2.6	-
Siemens	SCALANCE XF204-2	All versions < V5.2.6	-
Siemens	SCALANCE XF204-2BA IRT	All versions < V5.5.2	-
Siemens	SCALANCE XF204IRT	All versions < V5.5.2	-
Siemens	SCALANCE XF206-1	All versions < V5.2.6	-
Siemens	SCALANCE XF208	All versions < V5.2.6	-

II. Public POCs for CVE-2022-26648

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-26648

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: SCALANCE X200-4P IRT

Same vendor: Siemens

Same weakness: CWE-120

V. Comments for CVE-2022-26648

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2022-26648

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-26648

III. Intelligence Information for CVE-2022-26648

IV. Related Vulnerabilities

V. Comments for CVE-2022-26648

Leave a comment