CVE-2022-25756

CWE-80 CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.5%

top 34.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance X302-7eec Firmware Siemens Scalance X304-2fe Firmware Siemens Scalance X306-1ldfe Firmware +46 more

Timeline

PublishedApr 12

Latest updateApr 13

Description

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V),…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages49 packages

▶CVEListV5siemens/scalance_x307-2_eec_(230v)All versions < V4.1.4

▶CVEListV5siemens/scalance_x307-2_eec_(2x_230v)All versions < V4.1.4

▶NVDsiemens/scalance_xr324-12m_firmware< 4.1.4

▶NVDsiemens/scalance_xr324-12m_ts_firmware< 4.1.4

▶NVDsiemens/scalance_xr324-4m_eec_firmware< 4.1.4

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-cc95-9xf2-723h: A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC↗2022-04-13

▶

CVEList

CVE-2022-25756: A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC↗2022-04-12

▶