CVE-2022-46350Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Siemens Scalance X204rna

CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.7%
top 28.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Siemens 6gk5204-0ba00-2kb2 FirmwareSiemens 6gk5204-0ba00-2mb2 FirmwareSiemens 6gk5204-0bs00-2na3 Firmware+4 more
Timeline
PublishedDec 13

Description

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages7 packages

CVEListV5siemens/scalance_x204rnaAll versions < V3.2.7
CVEListV5siemens/scalance_x204rna_eecAll versions < V3.2.7

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
CVEList
CVE-2022-46350: A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V32022-12-13
GHSA
GHSA-7c94-jfmg-hjhf: A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V32022-12-13
CVE-2022-46350 — Siemens Scalance X204rna vulnerability | cvebase