Cross-Site Scripting Vulnerability in Siemens SCALANCE Series Devices
CVE-2022-40631

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Scalance X200-4p Irt; Scalance X201-3p Irt; Scalance X201-3p Irt Pro; Scalance X202-2irt
Vendor: CVE Published:; 11 October 2022

What is CVE-2022-40631?

A cross-site scripting (XSS) vulnerability exists in various Siemens SCALANCE devices, impacting versions prior to V5.5.0 or V5.2.5. If exploited, this vulnerability could allow an attacker to perform session hijacking, compromising user sessions and potentially gaining unauthorized access to sensitive information. It is critical for users of these devices to upgrade to the latest versions to mitigate this risk actively.

Affected Version(s)

SCALANCE X200-4P IRT All versions < V5.5.0

SCALANCE X201-3P IRT All versions < V5.5.0

SCALANCE X201-3P IRT PRO All versions < V5.5.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-50189...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Sep 13, 2022