CVE-2022-36323

high-risk
Published 2022-08-10

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

Do I need to act?

0.54% chance of exploitation
EPSS score — low exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (20)

SCALANCE M-800 Firmware
SCALANCE SC-600 Firmware
SCALANCE SC622-2C Firmware
SCALANCE SC632-2C Firmware
SCALANCE SC636-2C Firmware
SCALANCE SC642-2C Firmware
SCALANCE SC646-2C Firmware
SCALANCE W700 IEEE 802.11ax Firmware
SCALANCE W700 IEEE 802.11n Firmware
SCALANCE W700 IEEE 802.11ac Firmware
SCALANCE XB-200 Firmware
SCALANCE XB205-3 Firmware
SCALANCE XB205-3LD Firmware
SCALANCE XB208 Firmware
SCALANCE XB213-3 Firmware
SCALANCE XB213-3LD Firmware
SCALANCE XB216 Firmware
SCALANCE XC-200 Firmware
SCALANCE XC206-2 Firmware

Affected Vendors

62 / 100
high-risk
Severity 31/34 · Critical
Exploitability 2/34 · Minimal
Exposure 29/34 · Critical