目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

CVE-2022-25752— 多款 Siemens 产品安全特征问题漏洞

EPSS 3.11% · P87
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2022-25752の基本情報

脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
N/A
ソース: NVD (National Vulnerability Database)
脆弱性説明
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
使用不充分的随机数
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
多款 Siemens 产品安全特征问题漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Siemens SCALANCE是德国西门子(Siemens)公司的一系列以太网交换机。可连接到工业控制系统 (ICS) 设备,包括可编程逻辑控制器 (PLC) 和人机界面 (HMI) 系统。 多款 Siemens 产品存在安全漏洞,该漏洞源于受影响设备的网络服务器以不安全的方式计算会话 ID 和随机数。这可能允许未经身份验证的远程攻击者暴力破解会话 ID 并劫持现有会话。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
SiemensSCALANCE X302-7 EEC (230V) All versions < V4.1.4 -
SiemensSCALANCE X302-7 EEC (230V, coated) All versions < V4.1.4 -
SiemensSCALANCE X302-7 EEC (24V) All versions < V4.1.4 -
SiemensSCALANCE X302-7 EEC (24V, coated) All versions < V4.1.4 -
SiemensSCALANCE X302-7 EEC (2x 230V) All versions < V4.1.4 -
SiemensSCALANCE X302-7 EEC (2x 230V, coated) All versions < V4.1.4 -
SiemensSCALANCE X302-7 EEC (2x 24V) All versions < V4.1.4 -
SiemensSCALANCE X302-7 EEC (2x 24V, coated) All versions < V4.1.4 -
SiemensSCALANCE X304-2FE All versions < V4.1.4 -
SiemensSCALANCE X306-1LD FE All versions < V4.1.4 -
SiemensSCALANCE X307-2 EEC (230V) All versions < V4.1.4 -
SiemensSCALANCE X307-2 EEC (230V, coated) All versions < V4.1.4 -
SiemensSCALANCE X307-2 EEC (24V) All versions < V4.1.4 -
SiemensSCALANCE X307-2 EEC (24V, coated) All versions < V4.1.4 -
SiemensSCALANCE X307-2 EEC (2x 230V) All versions < V4.1.4 -
SiemensSCALANCE X307-2 EEC (2x 230V, coated) All versions < V4.1.4 -
SiemensSCALANCE X307-2 EEC (2x 24V) All versions < V4.1.4 -
SiemensSCALANCE X307-2 EEC (2x 24V, coated) All versions < V4.1.4 -
SiemensSCALANCE X307-3 All versions < V4.1.4 -
SiemensSCALANCE X307-3 All versions < V4.1.4 -
SiemensSCALANCE X307-3LD All versions < V4.1.4 -
SiemensSCALANCE X307-3LD All versions < V4.1.4 -
SiemensSCALANCE X308-2 All versions < V4.1.4 -
SiemensSCALANCE X308-2 All versions < V4.1.4 -
SiemensSCALANCE X308-2LD All versions < V4.1.4 -
SiemensSCALANCE X308-2LD All versions < V4.1.4 -
SiemensSCALANCE X308-2LH All versions < V4.1.4 -
SiemensSCALANCE X308-2LH All versions < V4.1.4 -
SiemensSCALANCE X308-2LH+ All versions < V4.1.4 -
SiemensSCALANCE X308-2LH+ All versions < V4.1.4 -
SiemensSCALANCE X308-2M All versions < V4.1.4 -
SiemensSCALANCE X308-2M All versions < V4.1.4 -
SiemensSCALANCE X308-2M PoE All versions < V4.1.4 -
SiemensSCALANCE X308-2M PoE All versions < V4.1.4 -
SiemensSCALANCE X308-2M TS All versions < V4.1.4 -
SiemensSCALANCE X308-2M TS All versions < V4.1.4 -
SiemensSCALANCE X310 All versions < V4.1.4 -
SiemensSCALANCE X310 All versions < V4.1.4 -
SiemensSCALANCE X310FE All versions < V4.1.4 -
SiemensSCALANCE X310FE All versions < V4.1.4 -
SiemensSCALANCE X320-1 FE All versions < V4.1.4 -
SiemensSCALANCE X320-1-2LD FE All versions < V4.1.4 -
SiemensSCALANCE X408-2 All versions < V4.1.4 -
SiemensSCALANCE XR324-12M (230V, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-12M (230V, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-12M (230V, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-12M (230V, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-12M (24V, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-12M (24V, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-12M (24V, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-12M (24V, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-12M TS (24V) All versions < V4.1.4 -
SiemensSCALANCE XR324-12M TS (24V) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (24V, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (24V, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (24V, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (24V, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (2x 24V, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (2x 24V, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (2x 24V, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M EEC (2x 24V, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M PoE (230V, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M PoE (230V, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M PoE (24V, ports on front) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M PoE (24V, ports on rear) All versions < V4.1.4 -
SiemensSCALANCE XR324-4M PoE TS (24V, ports on front) All versions < V4.1.4 -
SiemensSIPLUS NET SCALANCE X308-2 All versions < V4.1.4 -

II. CVE-2022-25752の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2022-25752のインテリジェンス情報

登录查看更多情报信息。

Same Patch Batch · Siemens · 2022-04-12 · 25 CVEs total

CVE-2021-403687.5 HIGHSiemens SIMATIC S7-400 缓冲区错误漏洞
CVE-2022-256225.3 MEDIUM多款Siemens SIMATIC产品资源管理错误漏洞
CVE-2022-28663Siemens Simcenter Femap 缓冲区错误漏洞
CVE-2022-28662Siemens Simcenter Femap 缓冲区错误漏洞
CVE-2022-28661Siemens Simcenter Femap 缓冲区错误漏洞
CVE-2022-28329Siemens SCALANCE输入验证错误漏洞
CVE-2022-28328Siemens SCALANCE 输入验证错误漏洞
CVE-2022-27481Siemens SCALANCE竞争条件问题漏洞
CVE-2022-27480Siemens SICAM 访问控制错误漏洞
CVE-2022-27241Siemens Mendix 信息泄露漏洞
CVE-2022-27194多款Siemens SIMATIC 产品 资源管理错误漏洞
CVE-2022-26380多款 Siemens 产品缓冲区错误漏洞
CVE-2022-26335多款 Siemens 产品安全漏洞
CVE-2022-26334Siemens SCALANCE安全漏洞
CVE-2022-25756多款 Siemens 产品跨站脚本漏洞
CVE-2022-25755Siemens SCALANCE 安全漏洞
CVE-2022-25754多款 Siemens 产品跨站请求伪造漏洞
CVE-2022-25753多款 Siemens 产品 缓冲区错误漏洞
CVE-2022-25751多款 Siemens 产品输入验证错误漏洞
CVE-2022-25650Siemens Mendix 安全漏洞

Showing 20 of 25 CVEs. View all on vendor page →

IV. 関連脆弱性

同じ製品: SCALANCE X302-7 EEC (230V)
同じベンダー: Siemens
同じ弱点: CWE-330

V. CVE-2022-25752へのコメント

まだコメントはありません

コメントを残す