CVE-2022-46350
Severity: MEDIUM
CVSS Base Score: 6.1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: changed
Confidentiality: low
Integrity: low
Availability: none
Description
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.
EPSS Score: 0.0067
Percentile: 0.7th
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Status: Stable
Common Consequences
Security Scopes Affected:
Access Control
Confidentiality
Integrity
Availability
Potential Impacts:
Bypass Protection Mechanism
Read Application Data
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
AI/ML, Web Based, Web Server
CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Status: Incomplete
Common Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Potential Impacts:
Read Application Data
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
Web Based, Web Server
Operating System: 6GK5204-0BS00-3PA3 Firmware by Siemens
Version Range Affected: to 3.2.7 (exclusive)
CPE Identifier: cpe:2.3:o:siemens:6gk5204-0bs00-3pa3_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System: 6GK5204-0BA00-2MB2 Firmware by Siemens
Version Range Affected: to 3.2.7 (exclusive)
CPE Identifier: cpe:2.3:o:siemens:6gk5204-0ba00-2mb2_firmware:*:*:*:*:*:*:*:*
Operating System: 6GK5204-0BS00-3LA3 Firmware by Siemens
Version Range Affected: to 3.2.7 (exclusive)
CPE Identifier: cpe:2.3:o:siemens:6gk5204-0bs00-3la3_firmware:*:*:*:*:*:*:*:*
Operating System: 6GK5204-0BA00-2KB2 Firmware by Siemens
Version Range Affected: to 3.2.7 (exclusive)
CPE Identifier: cpe:2.3:o:siemens:6gk5204-0ba00-2kb2_firmware:*:*:*:*:*:*:*:*
Operating System: 6GK5204-0BS00-2NA3 Firmware by Siemens
Version Range Affected: to 3.2.7 (exclusive)
CPE Identifier: cpe:2.3:o:siemens:6gk5204-0bs00-2na3_firmware:*:*:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf