Cross-Site Scripting Vulnerability in SCALANCE X204RNA Products by Siemens
CVE-2022-46350

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Scalance X204rna (hsr); Scalance X204rna (prp); Scalance X204rna Eec (hsr); Scalance X204rna Eec (prp)
Vendor: CVE Published:; 13 December 2022

Summary

A Cross-Site Scripting vulnerability has been discovered in various SCALANCE X204RNA products by Siemens. An attacker could exploit this flaw by tricking users into clicking on malicious links, which would result in malicious requests triggered on the affected devices. The flaw affects all versions prior to V3.2.7, posing potential security risks for users relying on these network components.

Affected Version(s)

SCALANCE X204RNA (HSR) All versions < V3.2.7

SCALANCE X204RNA (PRP) All versions < V3.2.7

SCALANCE X204RNA EEC (HSR) All versions < V3.2.7

References

https://cert-portal.siemens.com/productcert/pdf/ssa-36382...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Nov 30, 2022