CVE-2022-40631: XSS
First published: Tue Oct 11 2022(Updated: )
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Scalance X-200IRT | <5.5.0 | |
| Siemens SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) | ||
| Siemens Scalance X201-3P IRT Pro Firmware | <5.5.0 | |
| Siemens SCALANCE X201-3P IRT PRO | ||
| Siemens Scalance X201-3P IRT Firmware | <5.5.0 | |
| Siemens Scalance X201-3P IRT Pro Firmware | ||
| Siemens Scalance X202-2P IRT PRO Firmware | <5.5.0 | |
| Siemens SCALANCE X202-2IRT | ||
| Siemens Scalance X202-2P IRT PRO Firmware | <5.5.0 | |
| Siemens SCALANCE X202-2P IRT | ||
| Siemens Scalance X202-2P IRT PRO Firmware | <5.5.0 | |
| Siemens Scalance X202-2P IRT PRO Firmware | ||
| Siemens Scalance X204-2 | <5.2.5 | |
| Siemens Scalance X204-2 Firmware | ||
| Siemens Scalance X204-2FM Firmware | <5.2.5 | |
| Siemens SCALANCE X204-2FM | ||
| Siemens Scalance X204-2LD TS | <5.2.5 | |
| Siemens SCALANCE X204-2LD TS | ||
| Siemens Scalance X204-2LD TS | <5.2.5 | |
| Siemens SCALANCE X204-2TS | ||
| Siemens Scalance X204-2TS | <5.2.5 | |
| Siemens SCALANCE X204-2TS | ||
| Siemens SCALANCE X204IRT | <5.5.0 | |
| Siemens Scalance X-200IRT | ||
| Siemens Scalance X204 IRT Firmware | <5.5.0 | |
| Siemens SCALANCE X204IRT PRO | ||
| Siemens Scalance X206-1LD | <5.2.5 | |
| Siemens Scalance X206-1 Firmware | ||
| Siemens Scalance X206-1LD | <5.2.5 | |
| Siemens SCALANCE X206-1LD | ||
| Siemens Scalance X208 | <5.2.5 | |
| Siemens Scalance X208 | ||
| Siemens Scalance X208 Pro Firmware | <5.2.5 | |
| Siemens SCALANCE X208 PRO | ||
| Siemens Scalance X212-2LD | <5.2.5 | |
| Siemens SCALANCE X212-2 | ||
| siemens scalance x212-2ld firmware | <5.2.5 | |
| Siemens SCALANCE X212-2LD | ||
| Siemens Scalance X216 Firmware | <5.2.5 | |
| Siemens SCALANCE X-200 Firmware | ||
| Siemens Scalance X224 Firmware | <5.2.5 | |
| Siemens Scalance X224 Firmware | ||
| Siemens Scalance XF201-3P IRT | <5.5.0 | |
| Siemens SCALANCE XF201-3P IRT | ||
| Siemens Scalance XF202-2P IRT | <5.5.0 | |
| Siemens SCALANCE XF202-2P IRT | ||
| Siemens Scalance XF204 Firmware | <5.2.5 | |
| Siemens Scalance XF204 | ||
| Siemens Scalance XF204-2 Firmware | <5.2.5 | |
| Siemens SCALANCE XF204-2 | ||
| Siemens Scalance XF204-2BA IRT | <5.5.0 | |
| Siemens SCALANCE XF204-2BA IRT | ||
| Siemens SCALANCE XF204 IRT | <5.5.0 | |
| Siemens SCALANCE XF204IRT (6GK5204-0BA00-2BF2) | ||
| Siemens Scalance XF206-1 | <5.2.5 | |
| Siemens SCALANCE XF206-1 | ||
| Siemens Scalance XF208 | <5.2.5 | |
| Siemens SCALANCE XF208 | ||
| Siemens SIPLUS NET SCALANCE X202-2P IRT | <5.5.0 | |
| Siemens Scalance X202-2p IRT Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-40631?
CVE-2022-40631 is classified as a high-severity vulnerability affecting several Siemens SCALANCE models.
How do I fix CVE-2022-40631?
To fix CVE-2022-40631, upgrade the affected Siemens SCALANCE devices to firmware versions 5.5.0 or later.
Which devices are affected by CVE-2022-40631?
CVE-2022-40631 affects various Siemens SCALANCE models including X200-4P IRT, X201-3P IRT, X202-2P IRT, and others with versions lower than 5.5.0.
What vulnerabilities are associated with CVE-2022-40631?
CVE-2022-40631 is linked to unauthorized access risks due to improper validation in the affected SCALANCE firmware.
Is there a patch available for CVE-2022-40631?
Yes, a patch for CVE-2022-40631 is included in firmware version 5.5.0 and later for the affected devices.
- agent/type
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens scalance x-200irt
- canonical/siemens scalance x200-4p irt (6gk5200-4ah00-2ba3)
- canonical/siemens scalance x201-3p irt pro firmware
- canonical/siemens scalance x201-3p irt pro
- canonical/siemens scalance x201-3p irt firmware
- canonical/siemens scalance x202-2p irt pro firmware
- canonical/siemens scalance x202-2irt
- canonical/siemens scalance x202-2p irt
- canonical/siemens scalance x204-2
- canonical/siemens scalance x204-2 firmware
- canonical/siemens scalance x204-2fm firmware
- canonical/siemens scalance x204-2fm
- canonical/siemens scalance x204-2ld ts
- canonical/siemens scalance x204-2ts
- canonical/siemens scalance x204irt
- canonical/siemens scalance x204 irt firmware
- canonical/siemens scalance x204irt pro
- canonical/siemens scalance x206-1ld
- canonical/siemens scalance x206-1 firmware
- canonical/siemens scalance x208
- canonical/siemens scalance x208 pro firmware
- canonical/siemens scalance x208 pro
- canonical/siemens scalance x212-2ld
- canonical/siemens scalance x212-2
- canonical/siemens scalance x212-2ld firmware
- canonical/siemens scalance x216 firmware
- canonical/siemens scalance x-200 firmware
- canonical/siemens scalance x224 firmware
- canonical/siemens scalance xf201-3p irt
- canonical/siemens scalance xf202-2p irt
- canonical/siemens scalance xf204 firmware
- canonical/siemens scalance xf204
- canonical/siemens scalance xf204-2 firmware
- canonical/siemens scalance xf204-2
- canonical/siemens scalance xf204-2ba irt
- canonical/siemens scalance xf204 irt
- canonical/siemens scalance xf204irt (6gk5204-0ba00-2bf2)
- canonical/siemens scalance xf206-1
- canonical/siemens scalance xf208
- canonical/siemens siplus net scalance x202-2p irt
- canonical/siemens scalance x202-2p irt firmware