6.8
CVE-2022-36325
- EPSS 0.37%
- Published 10.08.2022 12:15:12
- Last modified 21.11.2024 07:12:47
- Source productcert@siemens.com
Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Scalance Sc-600 Firmware Version < 2.3.1
Siemens ≫ Scalance Sc622-2c Firmware Version < 2.3.1
Siemens ≫ Scalance Sc632-2c Firmware Version < 2.3.1
Siemens ≫ Scalance Sc636-2c Firmware Version < 2.3.1
Siemens ≫ Scalance Sc642-2c Firmware Version < 2.3.1
Siemens ≫ Scalance Sc646-2c Firmware Version < 2.3.1
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.37% | 0.58 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.8 | 1.7 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
productcert@siemens.com | 6.8 | 0.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.