5.3
CVE-2022-46354
- EPSS 0.3%
- Published 13.12.2022 16:15:25
- Last modified 22.04.2025 15:16:06
- Source productcert@siemens.com
- Teams watchlist Login
- Open Login
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ 6gk5204-0ba00-2mb2 Firmware Version < 3.2.7
Siemens ≫ 6gk5204-0ba00-2kb2 Firmware Version < 3.2.7
Siemens ≫ 6gk5204-0bs00-2na3 Firmware Version < 3.2.7
Siemens ≫ 6gk5204-0bs00-3la3 Firmware Version < 3.2.7
Siemens ≫ 6gk5204-0bs00-3pa3 Firmware Version < 3.2.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.532 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.