DOM-Based XSS Vulnerability in Siemens Web Interface
CVE-2022-36325
6.8 MEDIUM
Key Information:
- Vendor: Siemens
- Status: Vendor
- CVE Published: 10 August 2022
Summary
This vulnerability arises from the inadequate sanitization of user-supplied data in the Siemens web interface. An authenticated attacker with administrative privileges can exploit this flaw to inject malicious code, potentially resulting in a DOM-based Cross-Site Scripting (XSS) attack. Such an attack could enable unauthorized actions on behalf of users, compromising their data and the integrity of the web application.
Affected Version(s)
- RUGGEDCOM RM1224 LTE(4G) EU: All versions < V7.1.2
- RUGGEDCOM RM1224 LTE(4G) NAM: All versions < V7.1.2
- SCALANCE M804PB: All versions < V7.1.2
CVSS V3.1
- Score: 6.8
- Severity: MEDIUM
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved