DOM-Based XSS Vulnerability in Siemens Web Interface
CVE-2022-36325

6.8MEDIUM

Key Information:

Vendor: Siemens
Status: Ruggedcom Rm1224 Lte(4g) Eu; Ruggedcom Rm1224 Lte(4g) Nam; Scalance M804pb; Scalance M812-1 Adsl-router (annex A)
Vendor: CVE Published:; 10 August 2022

What is CVE-2022-36325?

This vulnerability arises from the inadequate sanitization of user-supplied data in the Siemens web interface. An authenticated attacker with administrative privileges can exploit this flaw to inject malicious code, potentially resulting in a DOM-based Cross-Site Scripting (XSS) attack. Such an attack could enable unauthorized actions on behalf of users, compromising their data and the integrity of the web application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RUGGEDCOM RM1224 LTE(4G) EU All versions < V7.1.2

RUGGEDCOM RM1224 LTE(4G) NAM All versions < V7.1.2

SCALANCE M804PB All versions < V7.1.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-71000...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
Jul 20, 2022

JSON

Siemens

What is CVE-2022-36325?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.