CVE-2022-36324

HIGH

Siemens SCALANCE Devices - Denial of Service via SSL/TLS Renegotiation

Title source: llm

Description

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

References (3)

Core 3

Core References

Mitigation, Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf

https://cert-portal.siemens.com/productcert/html/ssa-710008.html

https://cert-portal.siemens.com/productcert/html/ssa-019200.html

Scores

CVSS v3 7.5

EPSS 0.0154

EPSS Percentile 81.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (50)

Siemens/RUGGEDCOM RM1224 LTE(4G) EU < V7.1.2

Siemens/RUGGEDCOM RM1224 LTE(4G) NAM < V7.1.2

Siemens/SCALANCE M804PB < V7.1.2

Siemens/SCALANCE M812-1 ADSL-Router < V7.1.2

Siemens/SCALANCE M816-1 ADSL-Router < V7.1.2

Siemens/SCALANCE M826-2 SHDSL-Router < V7.1.2

Siemens/SCALANCE M874-2 < V7.1.2

Siemens/SCALANCE M874-3 < V7.1.2

Siemens/SCALANCE M876-3 < V7.1.2

Siemens/SCALANCE M876-3 (ROK) < V7.1.2

... and 40 more

Published Aug 10, 2022

Tracked Since Feb 18, 2026