CVE-2022-46353
CRITICAL
9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0198
Percentile
0,8th
Updated
EPSS Score Trend (Last 90 Days)
330
Use of Insufficiently Random Values
StableCommon Consequences
Security Scopes Affected:
Confidentiality
Other
Access Control
Potential Impacts:
Other
Bypass Protection Mechanism
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
Operating System
6Gk5204-0Bs00-3Pa3 Firmware by Siemens
Version Range Affected
To
3.2.7
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:6gk5204-0bs00-3pa3_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6Gk5204-0Ba00-2Mb2 Firmware by Siemens
Version Range Affected
To
3.2.7
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:6gk5204-0ba00-2mb2_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6Gk5204-0Bs00-3La3 Firmware by Siemens
Version Range Affected
To
3.2.7
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:6gk5204-0bs00-3la3_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6Gk5204-0Ba00-2Kb2 Firmware by Siemens
Version Range Affected
To
3.2.7
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:6gk5204-0ba00-2kb2_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6Gk5204-0Bs00-2Na3 Firmware by Siemens
Version Range Affected
To
3.2.7
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:6gk5204-0bs00-2na3_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf