CVE-2022-36323

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

Published: Aug 10, 2022
Updated: May 9, 2024
CVE: CVE-2022-36323
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
siemens / scalance_m-800_firmware	-	-
siemens / scalance_s615_firmware	-	-
siemens / scalance_sc-600_firmware	-	2.3.1
siemens / scalance_sc622-2c_firmware	-	2.3.1
siemens / scalance_sc632-2c_firmware	-	2.3.1
siemens / scalance_sc636-2c_firmware	-	2.3.1
siemens / scalance_sc642-2c_firmware	-	2.3.1
siemens / scalance_sc646-2c_firmware	-	2.3.1
siemens / scalance_w700_ieee_802.11ax_firmware	-	-
siemens / scalance_w700_ieee_802.11n_firmware	-	-
siemens / scalance_w700_ieee_802.11ac_firmware	-	-
siemens / scalance_xb-200_firmware	-	-
siemens / scalance_xb205-3_firmware	-	-
siemens / scalance_xb205-3ld_firmware	-	-
siemens / scalance_xb208_firmware	-	-
siemens / scalance_xb213-3_firmware	-	-
siemens / scalance_xb213-3ld_firmware	-	-
siemens / scalance_xb216_firmware	-	-
siemens / scalance_xc-200_firmware	-	-
siemens / scalance_xc206-2_firmware	-	-
siemens / scalance_xc206-2g_poe__firmware	-	-
siemens / scalance_xc206-2g_poe_eec_firmware	-	-
siemens / scalance_xc206-2sfp_eec_firmware	-	-
siemens / scalance_xc206-2sfp_g_firmware	-	-
siemens / scalance_xc206-2sfp_g_(e/ip)_firmware	-	-
siemens / scalance_xc206-2sfp_g_eec_firmware	-	-
siemens / scalance_xc208_firmware	-	-
siemens / scalance_xc208eec_firmware	-	-
siemens / scalance_xc208g_firmware	-	-
siemens / scalance_xc208g_(e/ip)_firmware	-	-
siemens / scalance_xc208g_eec_firmware	-	-
siemens / scalance_xc208g_poe_firmware	-	-
siemens / scalance_xc216_firmware	-	-
siemens / scalance_xc216-4c_firmware	-	-
siemens / scalance_xc216-4c_g_firmware	-	-
siemens / scalance_xc216-4c_g_(e/ip)_firmware	-	-
siemens / scalance_xc216-4c_g_eec_firmware	-	-
siemens / scalance_xc216eec_firmware	-	-
siemens / scalance_xc224__firmware	-	-
siemens / scalance_xc224-4c_g__firmware	-	-
siemens / scalance_xc224-4c_g_(e/ip)_firmware	-	-
siemens / scalance_xc224-4c_g_eec_firmware	-	-
siemens / scalance_xf-200ba_firmware	-	-
siemens / scalance_xf204-2ba_dna_firmware	-	-
siemens / scalance_xf204-2ba_irt_firmware	-	-
siemens / scalance_xm400_firmware	-	-
siemens / scalance_xm408-4c_firmware	-	-
siemens / scalance_xm408-4c_l3_firmware	-	-
siemens / scalance_xm408-8c_firmware	-	-
siemens / scalance_xm408-8c_l3_firmware	-	-
siemens / scalance_xm416-4c_firmware	-	-
siemens / scalance_xm416-4c_l3_firmware	-	-
siemens / scalance_xp-200_firmware	-	-
siemens / scalance_xp208_firmware	-	-
siemens / scalance_xp208_(eip)_firmware	-	-
siemens / scalance_xp208eec_firmware	-	-
siemens / scalance_xp208poe_eec_firmware	-	-
siemens / scalance_xp216_firmware	-	-
siemens / scalance_xp216_(eip)_firmware	-	-
siemens / scalance_xp216eec_firmware	-	-
siemens / scalance_xp216poe_eec_firmware	-	-
siemens / scalance_xr-300_firmware	-	-
siemens / scalance_xr-300eec_firmware	-	-
siemens / scalance_xr-300poe_firmware	-	-
siemens / scalance_xr-300wg_firmware	-	-
siemens / scalance_xr324-12m_firmware	-	-
siemens / scalance_xr324-12m_ts_firmware	-	-
siemens / scalance_xr324-4m_eec_firmware	-	-
siemens / scalance_xr324-4m_poe_firmware	-	-
siemens / scalance_xr324-4m_poe_ts_firmware	-	-
siemens / scalance_xr324wg_firmware	-	-
siemens / scalance_xr326-2c_poe_wg_firmware	-	-
siemens / scalance_xr328-4c_wg_firmware	-	-
siemens / scalance_xr500_firmware	-	-
siemens / scalance_xr524_firmware	-	-
siemens / scalance_xr524-8c_firmware	-	-
siemens / scalance_xr524-8c_l3_firmware	-	-
siemens / scalance_xr526_firmware	-	-
siemens / scalance_xr526-8c_firmware	-	-
siemens / scalance_xr526-8c_l3_firmware	-	-
siemens / scalance_xr528_firmware	-	-
siemens / scalance_xr528-6m_firmware	-	-
siemens / scalance_xr528-6m_2hr2_firmware	-	-
siemens / scalance_xr528-6m_2hr2_l3_firmware	-	-
siemens / scalance_xr528-6m_l3_firmware	-	-
siemens / scalance_xr552_firmware	-	-
siemens / scalance_xr552-12_firmware	-	-
siemens / scalance_xr552-12m_firmware	-	-
siemens / scalance_xr552-12m_2hr2_firmware	-	-
siemens / scalance_xr552-12m_2hr2_l3_firmware	-	-

https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf

Vulnerability Database

CVE-2022-36323

Deep Security Visibility Without the Complexity