9.8

CVE-2022-46353

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens6gk5204-0ba00-2mb2 Firmware Version < 3.2.7
   Siemens6gk5204-0ba00-2mb2 Version-
Siemens6gk5204-0ba00-2kb2 Firmware Version < 3.2.7
   Siemens6gk5204-0ba00-2kb2 Version-
Siemens6gk5204-0bs00-2na3 Firmware Version < 3.2.7
   Siemens6gk5204-0bs00-2na3 Version-
Siemens6gk5204-0bs00-3la3 Firmware Version < 3.2.7
   Siemens6gk5204-0bs00-3la3 Version-
Siemens6gk5204-0bs00-3pa3 Firmware Version < 3.2.7
   Siemens6gk5204-0bs00-3pa3 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.82% 0.823
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.