CVE-2022-31765

Description

Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Physical

Changed

Affected products

Siemens / RUGGEDCOM RM1224 LTE(4G) EU0 – V7.1.2
Siemens / RUGGEDCOM RM1224 LTE(4G) NAM0 – V7.1.2
Siemens / SCALANCE M804PB0 – V7.1.2
Siemens / SCALANCE M812-1 ADSL-Router0 – V7.1.2
Siemens / SCALANCE M816-1 ADSL-Router0 – V7.1.2
Siemens / SCALANCE M826-2 SHDSL-Router0 – V7.1.2
Siemens / SCALANCE M874-20 – V7.1.2
Siemens / SCALANCE M874-30 – V7.1.2
Siemens / SCALANCE M876-30 – V7.1.2
Siemens / SCALANCE M876-3 (ROK)0 – V7.1.2
Siemens / SCALANCE M876-40 – V7.1.2
Siemens / SCALANCE M876-4 (EU)0 – V7.1.2
Siemens / SCALANCE M876-4 (NAM)0 – V7.1.2
Siemens / SCALANCE MUM853-1 (EU)0 – V7.1.2
Siemens / SCALANCE MUM856-1 (EU)0 – V7.1.2
Siemens / SCALANCE MUM856-1 (RoW)0 – V7.1.2
Siemens / SCALANCE S615 EEC LAN-Router0 – V7.1.2
Siemens / SCALANCE S615 LAN-Router0 – V7.1.2
Siemens / SCALANCE SC622-2CAll versions < V3.0 – All versions < V3.0
Siemens / SCALANCE SC632-2CAll versions < V3.0 – All versions < V3.0
Siemens / SCALANCE SC636-2CAll versions < V3.0 – All versions < V3.0
Siemens / SCALANCE SC642-2CAll versions < V3.0 – All versions < V3.0
Siemens / SCALANCE SC646-2CAll versions < V3.0 – All versions < V3.0
Siemens / SCALANCE W1748-1 M120 – *
Siemens / SCALANCE W1788-1 M120 – *
Siemens / SCALANCE W1788-2 EEC M120 – *
Siemens / SCALANCE W1788-2IA M120 – *
Siemens / SCALANCE W1788-2 M120 – *
Siemens / SCALANCE W721-1 RJ450 – V6.6.0
Siemens / SCALANCE W722-1 RJ450 – V6.6.0
Siemens / SCALANCE W734-1 RJ450 – V6.6.0
Siemens / SCALANCE W734-1 RJ45 (USA)0 – V6.6.0
Siemens / SCALANCE W738-1 M120 – V6.6.0
Siemens / SCALANCE W748-1 M120 – V6.6.0
Siemens / SCALANCE W748-1 RJ450 – V6.6.0
Siemens / SCALANCE W761-1 RJ450 – V6.6.0
Siemens / SCALANCE W774-1 M12 EEC0 – V6.6.0
Siemens / SCALANCE W774-1 RJ450 – V6.6.0
Siemens / SCALANCE W774-1 RJ45 (USA)0 – V6.6.0
Siemens / SCALANCE W778-1 M120 – V6.6.0
Siemens / SCALANCE W778-1 M12 EEC0 – V6.6.0
Siemens / SCALANCE W778-1 M12 EEC (USA)0 – V6.6.0
Siemens / SCALANCE W786-1 RJ450 – V6.6.0
Siemens / SCALANCE W786-2IA RJ450 – V6.6.0
Siemens / SCALANCE W786-2 RJ450 – V6.6.0
Siemens / SCALANCE W786-2 SFP0 – V6.6.0
Siemens / SCALANCE W788-1 M120 – V6.6.0
Siemens / SCALANCE W788-1 RJ450 – V6.6.0
Siemens / SCALANCE W788-2 M120 – V6.6.0
Siemens / SCALANCE W788-2 M12 EEC0 – V6.6.0
Siemens / SCALANCE W788-2 RJ450 – V6.6.0
Siemens / SCALANCE WAM763-1All versions < V2.0 – All versions < V2.0
Siemens / SCALANCE WAM766-1All versions < V2.0 – All versions < V2.0
Siemens / SCALANCE WAM766-1 EECAll versions < V2.0 – All versions < V2.0
Siemens / SCALANCE WAM766-1 EEC (US)All versions < V2.0 – All versions < V2.0
Siemens / SCALANCE WAM766-1 (US)All versions < V2.0 – All versions < V2.0
Siemens / SCALANCE WUM763-1All versions < V2.0 – All versions < V2.0
Siemens / SCALANCE WUM766-1All versions < V2.0 – All versions < V2.0
Siemens / SCALANCE WUM766-1 (USA)All versions < V2.0 – All versions < V2.0
Siemens / SCALANCE XB205-3LD (SC, E/IP)0 – V4.4
Siemens / SCALANCE XB205-3LD (SC, PN)0 – V4.4
Siemens / SCALANCE XB205-3 (SC, PN)0 – V4.4
Siemens / SCALANCE XB205-3 (ST, E/IP)0 – V4.4
Siemens / SCALANCE XB205-3 (ST, PN)0 – V4.4
Siemens / SCALANCE XB208 (E/IP)0 – V4.4
Siemens / SCALANCE XB208 (PN)0 – V4.4
Siemens / SCALANCE XB213-3LD (SC, E/IP)0 – V4.4
Siemens / SCALANCE XB213-3LD (SC, PN)0 – V4.4
Siemens / SCALANCE XB213-3 (SC, E/IP)0 – V4.4
Siemens / SCALANCE XB213-3 (SC, PN)0 – V4.4
Siemens / SCALANCE XB213-3 (ST, E/IP)0 – V4.4
Siemens / SCALANCE XB213-3 (ST, PN)0 – V4.4
Siemens / SCALANCE XB216 (E/IP)0 – V4.4
Siemens / SCALANCE XB216 (PN)0 – V4.4
Siemens / SCALANCE XC206-2G PoE0 – V4.4
Siemens / SCALANCE XC206-2G PoE (54 V DC)0 – V4.4
Siemens / SCALANCE XC206-2G PoE EEC (54 V DC)0 – V4.4
Siemens / SCALANCE XC206-2 (SC)0 – V4.4
Siemens / SCALANCE XC206-2SFP0 – V4.4
Siemens / SCALANCE XC206-2SFP EEC0 – V4.4
Siemens / SCALANCE XC206-2SFP G0 – V4.4
Siemens / SCALANCE XC206-2SFP G EEC0 – V4.4
Siemens / SCALANCE XC206-2SFP G (EIP DEF.)0 – V4.4
Siemens / SCALANCE XC206-2 (ST/BFOC)0 – V4.4
Siemens / SCALANCE XC2080 – V4.4
Siemens / SCALANCE XC208EEC0 – V4.4
Siemens / SCALANCE XC208G0 – V4.4
Siemens / SCALANCE XC208G EEC0 – V4.4
Siemens / SCALANCE XC208G (EIP def.)0 – V4.4
Siemens / SCALANCE XC208G PoE0 – V4.4
Siemens / SCALANCE XC208G PoE (54 V DC)0 – V4.4
Siemens / SCALANCE XC2160 – V4.4
Siemens / SCALANCE XC216-3G PoE0 – V4.4
Siemens / SCALANCE XC216-3G PoE (54 V DC)0 – V4.4
Siemens / SCALANCE XC216-4C0 – V4.4
Siemens / SCALANCE XC216-4C G0 – V4.4
Siemens / SCALANCE XC216-4C G EEC0 – V4.4
Siemens / SCALANCE XC216-4C G (EIP Def.)0 – V4.4
Siemens / SCALANCE XC216EEC0 – V4.4
Siemens / SCALANCE XC2240 – V4.4
Siemens / SCALANCE XC224-4C G0 – V4.4
Siemens / SCALANCE XC224-4C G EEC0 – V4.4
Siemens / SCALANCE XC224-4C G (EIP Def.)0 – V4.4
Siemens / SCALANCE XF2040 – V4.4
Siemens / SCALANCE XF204-2BA0 – V4.4
Siemens / SCALANCE XF204-2BA DNA0 – V4.4
Siemens / SCALANCE XF204 DNA0 – V4.4
Siemens / SCALANCE XM408-4C0 – V6.6
Siemens / SCALANCE XM408-4C (L3 int.)0 – V6.6
Siemens / SCALANCE XM408-8C0 – V6.6
Siemens / SCALANCE XM408-8C (L3 int.)0 – V6.6
Siemens / SCALANCE XM416-4C0 – V6.6
Siemens / SCALANCE XM416-4C (L3 int.)0 – V6.6
Siemens / SCALANCE XP2080 – V4.4
Siemens / SCALANCE XP208EEC0 – V4.4
Siemens / SCALANCE XP208 (Ethernet/IP)0 – V4.4
Siemens / SCALANCE XP208PoE EEC0 – V4.4
Siemens / SCALANCE XP2160 – V4.4
Siemens / SCALANCE XP216EEC0 – V4.4
Siemens / SCALANCE XP216 (Ethernet/IP)0 – V4.4
Siemens / SCALANCE XP216POE EEC0 – V4.4
Siemens / SCALANCE XR324WG (24 x FE, AC 230V)0 – V4.4
Siemens / SCALANCE XR324WG (24 X FE, DC 24V)0 – V4.4
Siemens / SCALANCE XR326-2C PoE WG0 – V4.4
Siemens / SCALANCE XR326-2C PoE WG (without UL)0 – V4.4
Siemens / SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)0 – V4.4
Siemens / SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)0 – V4.4
Siemens / SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)0 – V4.4
Siemens / SCALANCE XR328-4C WG (28xGE, AC 230V)0 – V4.4
Siemens / SCALANCE XR328-4C WG (28xGE, DC 24V)0 – V4.4
Siemens / SCALANCE XR524-8C, 1x230V0 – V6.6
Siemens / SCALANCE XR524-8C, 1x230V (L3 int.)0 – V6.6
Siemens / SCALANCE XR524-8C, 24V0 – V6.6
Siemens / SCALANCE XR524-8C, 24V (L3 int.)0 – V6.6
Siemens / SCALANCE XR524-8C, 2x230V0 – V6.6
Siemens / SCALANCE XR524-8C, 2x230V (L3 int.)0 – V6.6
Siemens / SCALANCE XR526-8C, 1x230V0 – V6.6
Siemens / SCALANCE XR526-8C, 1x230V (L3 int.)0 – V6.6
Siemens / SCALANCE XR526-8C, 24V0 – V6.6
Siemens / SCALANCE XR526-8C, 24V (L3 int.)0 – V6.6
Siemens / SCALANCE XR526-8C, 2x230V0 – V6.6
Siemens / SCALANCE XR526-8C, 2x230V (L3 int.)0 – V6.6
Siemens / SCALANCE XR528-6M0 – V6.6
Siemens / SCALANCE XR528-6M (2HR2)0 – V6.6
Siemens / SCALANCE XR528-6M (2HR2, L3 int.)0 – V6.6
Siemens / SCALANCE XR528-6M (L3 int.)0 – V6.6
Siemens / SCALANCE XR552-12M0 – V6.6
Siemens / SCALANCE XR552-12M (2HR2)0 – V6.6
Siemens / SCALANCE XR552-12M (2HR2, L3 int.)0 – V6.6
Siemens / SIPLUS NET SCALANCE XC206-20 – V4.4
Siemens / SIPLUS NET SCALANCE XC206-2SFP0 – V4.4
Siemens / SIPLUS NET SCALANCE XC2080 – V4.4
Siemens / SIPLUS NET SCALANCE XC216-4C0 – V4.4

CVE-2022-31765

Description

CVSS breakdown

Affected products

References