HIGH · 7.5

CVE-2022-36324

Vulnerability Description

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Siemens | Scalance M-800 Firmware | All versions |
| Siemens | Scalance M-800 | - |
| Siemens | Scalance S615 Firmware | All versions |
| Siemens | Scalance S615 | - |
| Siemens | Scalance W700 Ieee 802.11Ax Firmware | All versions |
| Siemens | Scalance W700 Ieee 802.11Ax | - |
| Siemens | Scalance W700 Ieee 802.11N Firmware | All versions |
| Siemens | Scalance W700 Ieee 802.11N | - |
| Siemens | Scalance W700 Ieee 802.11Ac Firmware | All versions |
| Siemens | Scalance W700 Ieee 802.11Ac | - |
| Siemens | Scalance Xb-200 Firmware | All versions |
| Siemens | Scalance Xb-200 | - |
| Siemens | Scalance Xb205-3 Firmware | All versions |
| Siemens | Scalance Xb205-3 | - |
| Siemens | Scalance Xb205-3Ld Firmware | All versions |
| Siemens | Scalance Xb205-3Ld | - |
| Siemens | Scalance Xb208 Firmware | All versions |
| Siemens | Scalance Xb208 | - |
| Siemens | Scalance Xb213-3 Firmware | All versions |
| Siemens | Scalance Xb213-3 | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-36324?

CVE-2022-36324 is a vulnerability with a CVSS score of 7.5 (HIGH). Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of se...

How severe is CVE-2022-36324?

CVE-2022-36324 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2022-36324?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance M-800 Firmware, Siemens Scalance M-800, Siemens Scalance S615 Firmware, Siemens Scalance S615, Siemens Scalance W700 Ieee 802.11Ax Firmware.