CVE-2022-46350 - OpenCVE

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	6gk5204-0bs00-3pa3 Firmware 6gk5204-0ba00-2kb2 Firmware 6gk5204-0ba00-2kb2 6gk5204-0bs00-3pa3 6gk5204-0ba00-2mb2 6gk5204-0bs00-3la3 6gk5204-0bs00-2na3 Firmware 6gk5204-0ba00-2mb2 Firmware 6gk5204-0bs00-2na3 6gk5204-0bs00-3la3 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:6gk5204-0ba00-2mb2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6gk5204-0ba00-2mb2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:6gk5204-0ba00-2kb2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6gk5204-0ba00-2kb2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:6gk5204-0bs00-2na3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6gk5204-0bs00-2na3:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:6gk5204-0bs00-3la3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6gk5204-0bs00-3la3:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:6gk5204-0bs00-3pa3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6gk5204-0bs00-3pa3:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2022-12-13T00:00:00

Updated: 2022-12-13T00:00:00

Reserved: 2022-11-30T00:00:00

Link: CVE-2022-46350

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-12-13T16:15:25.667

Modified: 2022-12-15T20:58:58.180

Link: CVE-2022-46350

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5204-0ba00-2mb2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "77A54E43-E9A5-49CF-BA3C-E6878C2C713F", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5204-0ba00-2mb2:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF6E5E68-552D-40C1-A4AB-605D0F21688F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5204-0ba00-2kb2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE326B9F-A613-46B5-A20D-BE9D41A80857", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5204-0ba00-2kb2:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B61CA05-D98E-4BD6-BE78-58574B2DE5CA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5204-0bs00-2na3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6FCF31E-22CA-4038-AC27-BAEA752A718D", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5204-0bs00-2na3:-:*:*:*:*:*:*:*", "matchCriteriaId": "28B98E8F-0E32-4BA4-8237-055BDB25C1B3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5204-0bs00-3la3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7EA94F5-1AB0-4BE2-810A-46B840070856", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5204-0bs00-3la3:-:*:*:*:*:*:*:*", "matchCriteriaId": "D92CFF31-E138-49D0-A9FF-A91E7342AEFC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6gk5204-0bs00-3pa3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06CBD11B-3671-425B-89EB-4B9677B3316B", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6gk5204-0bs00-3pa3:-:*:*:*:*:*:*:*", "matchCriteriaId": "1572F77B-98B7-44D9-9DF9-9EC56CD6E571", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en:\nSCALANCE X204RNA (HSR) (Todas las versiones < V3.2.7), \nSCALANCE X204RNA (PRP) (Todas las versiones < V3.2.7), \nSCALANCE X204RNA EEC (HSR) (Todas las versiones < V3.2.7 ), \nSCALANCE X204RNA EEC (PRP) (todas las versiones < V3.2.7), \nSCALANCE X204RNA EEC (PRP/HSR) (todas las versiones < V3.2.7). \nEl servidor web integrado podr\u00eda permitir ataques de Cross-Site Scripting (XSS) si se enga\u00f1a a usuarios desprevenidos para que accedan a un enlace malicioso. Un atacante puede utilizar esto para desencadenar una solicitud maliciosa en el dispositivo afectado."}], "id": "CVE-2022-46350", "lastModified": "2022-12-15T20:58:58.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-13T16:15:25.667", "references": [{"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-80"}], "source": "productcert@siemens.com", "type": "Secondary"}]}