7.5
CVE-2022-46355
- EPSS 0.34%
- Veröffentlicht 13.12.2022 16:15:25
- Zuletzt bearbeitet 22.04.2025 15:16:06
- Quelle productcert@siemens.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The affected products are vulnerable to an "Exposure of Sensitive Information to an Unauthorized Actor" vulnerability by leaking sensitive data in the HTTP Referer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens ≫ 6gk5204-0ba00-2mb2 Firmware Version < 3.2.7
Siemens ≫ 6gk5204-0ba00-2kb2 Firmware Version < 3.2.7
Siemens ≫ 6gk5204-0bs00-2na3 Firmware Version < 3.2.7
Siemens ≫ 6gk5204-0bs00-3la3 Firmware Version < 3.2.7
Siemens ≫ 6gk5204-0bs00-3pa3 Firmware Version < 3.2.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.56 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.