Vulnerabilities > CVE-2022-46354 - Unspecified vulnerability in Siemens products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

siemens

NVD

Published: 2022-12-13

Updated: 2022-12-16

Summary

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens 6Gk5204 0Ba00 2Mb2 Firmware * Siemens 6Gk5204 0Ba00 2Kb2 Firmware * Siemens 6Gk5204 0Bs00 2Na3 Firmware * Siemens 6Gk5204 0Bs00 3La3 Firmware * Siemens 6Gk5204 0Bs00 3Pa3 Firmware *	5
Hardware	Siemens Siemens 6Gk5204 0Ba00 2Mb2 - Siemens 6Gk5204 0Ba00 2Kb2 - Siemens 6Gk5204 0Bs00 2Na3 - Siemens 6Gk5204 0Bs00 3La3 - Siemens 6Gk5204 0Bs00 3Pa3 -	5

References

https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf