Multiple vulnerabilities in Siemens SCALANCE W1700 Devices



Risk: Low
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2022-28329, CVE-2022-27481, CVE-2022-28328
CWE-ID: CWE-20, CWE-362
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software:
SCALANCE W1788-1 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-2 EEC M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-2 M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE W1788-2IA M12
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Siemens

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU62384

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-28329

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the RemoteCapture feature. A remote attacker on the local network can send specially crafted TCP packets and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SCALANCE W1788-1 M12: before 3.0.0

SCALANCE W1788-2 EEC M12: before 3.0.0

SCALANCE W1788-2 M12: before 3.0.0

SCALANCE W1788-2IA M12: before 3.0.0

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU62385

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-27481

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition when handling ARP requests. A remote attacker on the local network can exploit the race and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SCALANCE W1788-1 M12: before 3.0.0

SCALANCE W1788-2 EEC M12: before 3.0.0

SCALANCE W1788-2 M12: before 3.0.0

SCALANCE W1788-2IA M12: before 3.0.0

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU62386

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-28328

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can send specially crafted Multicast LLC frames and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SCALANCE W1788-1 M12: before 3.0.0

SCALANCE W1788-2 EEC M12: before 3.0.0

SCALANCE W1788-2 M12: before 3.0.0

SCALANCE W1788-2IA M12: before 3.0.0

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


