Web Server Vulnerability in Siemens SCALANCE X204RNA Series
CVE-2022-46354

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Scalance X204rna (hsr); Scalance X204rna (prp); Scalance X204rna Eec (hsr); Scalance X204rna Eec (prp)
Vendor: CVE Published:; 13 December 2022

What is CVE-2022-46354?

A significant vulnerability has been discovered in the Siemens SCALANCE X204RNA series, where the web server of affected products lacks essential security headers. This oversight could permit remote attackers to access confidential session information under specific conditions, posing a threat to data integrity and confidentiality.

Affected Version(s)

SCALANCE X204RNA (HSR) All versions < V3.2.7

SCALANCE X204RNA (PRP) All versions < V3.2.7

SCALANCE X204RNA EEC (HSR) All versions < V3.2.7

References

https://cert-portal.siemens.com/productcert/pdf/ssa-36382...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Nov 30, 2022