CVE-2022-46355

Summary

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The affected products are vulnerable to an "Exposure of Sensitive Information to an Unauthorized Actor" vulnerability by leaking sensitive data in the HTTP Referer.

Affected Software

VendorProductVersion RangeStatus
SiemensSCALANCE X204RNA (HSR)All versions < V3.2.7affected
SiemensSCALANCE X204RNA (PRP)All versions < V3.2.7affected
SiemensSCALANCE X204RNA EEC (HSR)All versions < V3.2.7affected
SiemensSCALANCE X204RNA EEC (PRP)All versions < V3.2.7affected
SiemensSCALANCE X204RNA EEC (PRP/HSR)All versions < V3.2.7affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References