CVE-2022-46350

Summary

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device.

Affected Software

VendorProductVersion RangeStatus
SiemensSCALANCE X204RNA (HSR)All versions < V3.2.7affected
SiemensSCALANCE X204RNA (PRP)All versions < V3.2.7affected
SiemensSCALANCE X204RNA EEC (HSR)All versions < V3.2.7affected
SiemensSCALANCE X204RNA EEC (PRP)All versions < V3.2.7affected
SiemensSCALANCE X204RNA EEC (PRP/HSR)All versions < V3.2.7affected

Weaknesses

  • CWE-80: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References