Session Hijacking Vulnerability in SCALANCE X204RNA by Siemens
CVE-2022-46353

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Scalance X204rna (hsr); Scalance X204rna (prp); Scalance X204rna Eec (hsr); Scalance X204rna Eec (prp)
Vendor: CVE Published:; 13 December 2022

Summary

A vulnerability has been found in the SCALANCE X204RNA series by Siemens, where the webserver improperly calculates session IDs and nonces. This flaw allows unauthenticated remote attackers to conduct brute-force attempts on session IDs, potentially leading to session hijacking. Users of the affected versions, specifically those below V3.2.7, are at risk of having their active sessions compromised, which could lead to unauthorized access to sensitive information and control over network operations.

Affected Version(s)

SCALANCE X204RNA (HSR) All versions < V3.2.7

SCALANCE X204RNA (PRP) All versions < V3.2.7

SCALANCE X204RNA EEC (HSR) All versions < V3.2.7

References

https://cert-portal.siemens.com/productcert/pdf/ssa-36382...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Nov 30, 2022