CVE-2022-46353

Summary

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

Affected Software

VendorProductVersion RangeStatus
SiemensSCALANCE X204RNA (HSR)All versions < V3.2.7affected
SiemensSCALANCE X204RNA (PRP)All versions < V3.2.7affected
SiemensSCALANCE X204RNA EEC (HSR)All versions < V3.2.7affected
SiemensSCALANCE X204RNA EEC (PRP)All versions < V3.2.7affected
SiemensSCALANCE X204RNA EEC (PRP/HSR)All versions < V3.2.7affected

Weaknesses

  • CWE-330: CWE-330: Use of Insufficiently Random Values

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References