PatchSiren

CVE-2022-36323 Siemens CVE debrief

CVE-2022-36323 is a critical input-sanitization issue in multiple Siemens SCALANCE wireless devices. According to the advisory corpus, an authenticated remote attacker with administrative privileges could inject code or spawn a system root shell, making compromise of the device highly consequential.

Vendor: Siemens
Product: SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0)
CVSS: CRITICAL 9.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-14
Original CVE updated: 2026-04-21
Advisory published: 2026-04-14
Advisory updated: 2026-04-21

Who should care

Organizations using the affected Siemens SCALANCE W-series devices, especially teams responsible for OT network security, remote administration, and firmware management, should treat this as high priority.

Technical summary

The supplied advisory describes improper sanitization of an input field in multiple SCALANCE models. The impact is code injection or root-level shell access, but the attack requires network access and administrative privileges (CVSS v3.1: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, 9.1).

Defensive priority

High. Even though administrative privileges are required, successful exploitation can yield root-level control of an affected industrial device. Prioritize any exposed or remotely managed SCALANCE systems and confirm they are on a fixed release.

Recommended defensive actions

  • Update affected devices to V6.6.0 or later, as directed by the vendor advisory.
  • Inventory SCALANCE devices and verify whether any listed models are deployed in your environment.
  • Restrict and monitor administrative access to device management interfaces.
  • Review OT segmentation and limit network paths to device administration services.
  • Use the Siemens advisory and CISA advisory references to confirm model-specific remediation steps and deployment guidance.

Evidence notes

This debrief is based on the supplied CISA CSAF advisory (ICSA-26-111-07) republishing Siemens ProductCERT SSA-019200 and the linked Siemens/CISA references. The corpus states the vulnerability is caused by improper input sanitization and can allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. The remediation listed in the corpus is to update to V6.6.0 or later. No KEV listing was provided in the source corpus.

Official resources

CISA published the advisory on 2026-04-14 and republished it on 2026-04-21; the supplied corpus identifies the source as an initial republication of Siemens ProductCERT advisory SSA-019200. No CISA KEV addition is noted in the supplied data.