First published: Tue Jul 12 2022(Updated: )
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Scalance X-200IRT | ||
Siemens SCALANCE X200-4PIRT | ||
Siemens SCALANCE X201-3P IRT | ||
Siemens SCALANCE X201-3P IRT PRO | ||
Siemens SCALANCE X201-3P IRT PRO | ||
Siemens Scalance X201-3P IRT Pro Firmware | ||
Siemens SCALANCE X202-2P IRT firmware | ||
Siemens SCALANCE X202-2P IRT PRO | ||
Siemens SIPLUS NET SCALANCE X202-2P IRT | ||
Siemens SCALANCE X202-2P IRT firmware | ||
Siemens SCALANCE X202-2P IRT PRO | ||
Siemens Scalance X202-2P IRT PRO Firmware | ||
Siemens Scalance X204-2 | <5.2.6 | |
Siemens Scalance X204-2 | ||
Siemens Scalance X204-2FM Firmware | <5.2.6 | |
Siemens SCALANCE X204-2FM | ||
Siemens Scalance X204-2LD TS | <5.2.6 | |
Siemens Scalance X204-2 Firmware | ||
Siemens Scalance X204-2LD TS | <5.2.6 | |
Siemens SCALANCE X204-2LD TS | ||
Siemens Scalance X204-2TS | <5.2.6 | |
Siemens SCALANCE X204-2TS | ||
Siemens Scalance X204 IRT Firmware | ||
Siemens Scalance X-200IRT | ||
Siemens Scalance X204 IRT Firmware | ||
Siemens Scalance X204IRT PRO Firmware | ||
Siemens Scalance X206-1LD | <5.2.6 | |
Siemens Scalance X206-1 Firmware | ||
Siemens Scalance X206-1LD | <5.2.6 | |
Siemens SCALANCE X206-1LD | ||
Siemens Scalance X208 Pro Firmware | <5.2.6 | |
Siemens Scalance X208 | ||
Siemens Scalance X208 | <5.2.6 | |
Siemens SCALANCE X208PRO | ||
Siemens Scalance X212-2LD | <5.2.6 | |
Siemens SCALANCE X212-2LD | ||
Siemens Scalance X212-2LD Firmware | <5.2.6 | |
Siemens Scalance X212-2LD Firmware | ||
Siemens Scalance X216 Firmware | <5.2.6 | |
Siemens SCALANCE X-200 Firmware | ||
Siemens Scalance X224 Firmware | <5.2.6 | |
Siemens Scalance X224 Firmware | ||
Siemens Scalance XF201-3P IRT | ||
Siemens SCALANCE XF201-3P IRT | ||
Siemens Scalance XF202-2P IRT | ||
Siemens SCALANCE XF202-2P IRT | ||
Siemens Scalance XF204 Firmware | <5.2.6 | |
Siemens Scalance XF204-2 Firmware | ||
Siemens Scalance XF204-2 Firmware | <5.2.6 | |
Siemens SCALANCE XF204-2 | ||
Siemens SCALANCE XF204-2BA IRT Firmware | ||
Siemens Scalance XF204-2BA IRT | ||
Siemens SCALANCE XF204IRT | ||
Siemens SCALANCE XF204IRT firmware | ||
Siemens Scalance XF206-1 | <5.2.6 | |
Siemens SCALANCE XF206-1 | ||
Siemens Scalance XF208 | <5.2.6 | |
Siemens Scalance XF208 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-26647 has a CVSS score indicating it is a critical vulnerability affecting multiple Siemens SCALANCE products.
To remediate CVE-2022-26647, update the firmware of the affected SCALANCE devices to version V5.5.2 or later.
CVE-2022-26647 affects various Siemens SCALANCE X200, X201, X202 devices with firmware versions prior to V5.5.2.
The potential impact of CVE-2022-26647 includes unauthorized access and control of the affected SCALANCE devices.
Currently, no specific workarounds are published for CVE-2022-26647, so upgrading the firmware is the recommended action.