CVE-2022-36324

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

Published: Aug 10, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-36324
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-770

Affected Software
References

Software	From	Fixed in
siemens / scalance_m-800_firmware	-	-
siemens / scalance_s615_firmware	-	-
siemens / scalance_w700_ieee_802.11ax_firmware	-	-
siemens / scalance_w700_ieee_802.11n_firmware	-	-
siemens / scalance_w700_ieee_802.11ac_firmware	-	-
siemens / scalance_xb-200_firmware	-	-
siemens / scalance_xb205-3_firmware	-	-
siemens / scalance_xb205-3ld_firmware	-	-
siemens / scalance_xb208_firmware	-	-
siemens / scalance_xb213-3_firmware	-	-
siemens / scalance_xb213-3ld_firmware	-	-
siemens / scalance_xb216_firmware	-	-
siemens / scalance_xc-200_firmware	-	-
siemens / scalance_xc206-2_firmware	-	-
siemens / scalance_xc206-2g_poe__firmware	-	-
siemens / scalance_xc206-2g_poe_eec_firmware	-	-
siemens / scalance_xc206-2sfp_eec_firmware	-	-
siemens / scalance_xc206-2sfp_g_firmware	-	-
siemens / scalance_xc206-2sfp_g_(e/ip)_firmware	-	-
siemens / scalance_xc206-2sfp_g_eec_firmware	-	-
siemens / scalance_xc208_firmware	-	-
siemens / scalance_xc208eec_firmware	-	-
siemens / scalance_xc208g_firmware	-	-
siemens / scalance_xc208g_(e/ip)_firmware	-	-
siemens / scalance_xc208g_eec_firmware	-	-
siemens / scalance_xc208g_poe_firmware	-	-
siemens / scalance_xc216_firmware	-	-
siemens / scalance_xc216-4c_firmware	-	-
siemens / scalance_xc216-4c_g_firmware	-	-
siemens / scalance_xc216-4c_g_(e/ip)_firmware	-	-
siemens / scalance_xc216-4c_g_eec_firmware	-	-
siemens / scalance_xc216eec_firmware	-	-
siemens / scalance_xc224__firmware	-	-
siemens / scalance_xc224-4c_g__firmware	-	-
siemens / scalance_xc224-4c_g_(e/ip)_firmware	-	-
siemens / scalance_xc224-4c_g_eec_firmware	-	-
siemens / scalance_xf-200ba_firmware	-	-
siemens / scalance_xf204-2ba_dna_firmware	-	-
siemens / scalance_xf204-2ba_irt_firmware	-	-
siemens / scalance_xm400_firmware	-	-
siemens / scalance_xm408-4c_firmware	-	-
siemens / scalance_xm408-4c_l3_firmware	-	-
siemens / scalance_xm408-8c_firmware	-	-
siemens / scalance_xm408-8c_l3_firmware	-	-
siemens / scalance_xm416-4c_firmware	-	-
siemens / scalance_xm416-4c_l3_firmware	-	-
siemens / scalance_xp-200_firmware	-	-
siemens / scalance_xp208_firmware	-	-
siemens / scalance_xp208_(eip)_firmware	-	-
siemens / scalance_xp208eec_firmware	-	-
siemens / scalance_xp208poe_eec_firmware	-	-
siemens / scalance_xp216_firmware	-	-
siemens / scalance_xp216_(eip)_firmware	-	-
siemens / scalance_xp216eec_firmware	-	-
siemens / scalance_xp216poe_eec_firmware	-	-
siemens / scalance_xr-300_firmware	-	-
siemens / scalance_xr-300eec_firmware	-	-
siemens / scalance_xr-300poe_firmware	-	-
siemens / scalance_xr-300wg_firmware	-	-
siemens / scalance_xr324-12m_firmware	-	-
siemens / scalance_xr324-12m_ts_firmware	-	-
siemens / scalance_xr324-4m_eec_firmware	-	-
siemens / scalance_xr324-4m_poe_firmware	-	-
siemens / scalance_xr324-4m_poe_ts_firmware	-	-
siemens / scalance_xr324wg_firmware	-	-
siemens / scalance_xr326-2c_poe_wg_firmware	-	-
siemens / scalance_xr328-4c_wg_firmware	-	-
siemens / scalance_xr500_firmware	-	-
siemens / scalance_xr524_firmware	-	-
siemens / scalance_xr524-8c_firmware	-	-
siemens / scalance_xr524-8c_l3_firmware	-	-
siemens / scalance_xr526_firmware	-	-
siemens / scalance_xr526-8c_firmware	-	-
siemens / scalance_xr526-8c_l3_firmware	-	-
siemens / scalance_xr528_firmware	-	-
siemens / scalance_xr528-6m_firmware	-	-
siemens / scalance_xr528-6m_2hr2_firmware	-	-
siemens / scalance_xr528-6m_2hr2_l3_firmware	-	-
siemens / scalance_xr528-6m_l3_firmware	-	-
siemens / scalance_xr552_firmware	-	-
siemens / scalance_xr552-12_firmware	-	-
siemens / scalance_xr552-12m_firmware	-	-
siemens / scalance_xr552-12m_2hr2_firmware	-	-
siemens / scalance_xr552-12m_2hr2_l3_firmware	-	-

https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf

Vulnerability Database

300,445

CVE-2022-36324

Deep Security Visibility Without the Complexity