CVE-2022-36324

Name: CVE-2022-36324
Creator: NVD / NIST
Published: 2022-08-10T12:15:12.93+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 1.44%

Last modified Jun 17, 2026

CVE-2022-36324 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.. EPSS estimates a 1.44% chance of exploitation in the next 30 days.

Description

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

1.44%

69.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Siemens	Scalance M-800 Firmware	All versions
Siemens	Scalance S615 Firmware	All versions
Siemens	Scalance W700 Ieee 802.11ax Firmware	All versions
Siemens	Scalance W700 Ieee 802.11n Firmware	All versions
Siemens	Scalance W700 Ieee 802.11ac Firmware	All versions
Siemens	Scalance Xb-200 Firmware	All versions
Siemens	Scalance Xb205-3 Firmware	All versions
Siemens	Scalance Xb205-3ld Firmware	All versions
Siemens	Scalance Xb208 Firmware	All versions
Siemens	Scalance Xb213-3 Firmware	All versions
Siemens	Scalance Xb213-3ld Firmware	All versions
Siemens	Scalance Xb216 Firmware	All versions
Siemens	Scalance Xc-200 Firmware	All versions
Siemens	Scalance Xc206-2 Firmware	All versions
Siemens	Scalance Xc206-2g Poe Firmware	All versions
Siemens	Scalance Xc206-2g Poe Eec Firmware	All versions
Siemens	Scalance Xc206-2sfp Eec Firmware	All versions
Siemens	Scalance Xc206-2sfp G Firmware	All versions
Siemens	Scalance Xc206-2sfp G \(E\/Ip\) Firmware	All versions
Siemens	Scalance Xc206-2sfp G Eec Firmware	All versions
Siemens	Scalance Xc208 Firmware	All versions
Siemens	Scalance Xc208eec Firmware	All versions
Siemens	Scalance Xc208g Firmware	All versions
Siemens	Scalance Xc208g \(E\/Ip\) Firmware	All versions
Siemens	Scalance Xc208g Eec Firmware	All versions
Siemens	Scalance Xc208g Poe Firmware	All versions
Siemens	Scalance Xc216 Firmware	All versions
Siemens	Scalance Xc216-4c Firmware	All versions
Siemens	Scalance Xc216-4c G Firmware	All versions
Siemens	Scalance Xc216-4c G \(E\/Ip\) Firmware	All versions
Siemens	Scalance Xc216-4c G Eec Firmware	All versions
Siemens	Scalance Xc216eec Firmware	All versions
Siemens	Scalance Xc224 Firmware	All versions
Siemens	Scalance Xc224-4c G Firmware	All versions
Siemens	Scalance Xc224-4c G \(E\/Ip\) Firmware	All versions
Siemens	Scalance Xc224-4c G Eec Firmware	All versions
Siemens	Scalance Xf-200ba Firmware	All versions
Siemens	Scalance Xf204-2ba Dna Firmware	All versions
Siemens	Scalance Xf204-2ba Irt Firmware	All versions
Siemens	Scalance Xm400 Firmware	All versions
Siemens	Scalance Xm408-4c Firmware	All versions
Siemens	Scalance Xm408-4c L3 Firmware	All versions
Siemens	Scalance Xm408-8c Firmware	All versions
Siemens	Scalance Xm408-8c L3 Firmware	All versions
Siemens	Scalance Xm416-4c Firmware	All versions
Siemens	Scalance Xm416-4c L3 Firmware	All versions
Siemens	Scalance Xp-200 Firmware	All versions
Siemens	Scalance Xp208 Firmware	All versions
Siemens	Scalance Xp208 \(Eip\) Firmware	All versions
Siemens	Scalance Xp208eec Firmware	All versions

Showing 50 of 84 affected configurations. See NVD for the full list.

References

https://cert-portal.siemens.com/productcert/html/ssa-019200.html
https://cert-portal.siemens.com/productcert/html/ssa-710008.html
https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdfMitigation, Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdfMitigation, Vendor Advisory

Timeline

Published: Aug 10, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-36324?

How severe is CVE-2022-36324?

CVE-2022-36324 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.44% probability of exploitation in the next 30 days.

How do I fix CVE-2022-36324?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-36324?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST