Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-46353

Published: 13/12/2022 Updated: 16/12/2022
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Siemens

Vulnerability Summary

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote malicious user to brute-force session ids and hijack existing sessions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

siemens 6gk5204-0ba00-2mb2_firmware

siemens 6gk5204-0ba00-2kb2_firmware

siemens 6gk5204-0bs00-2na3_firmware

siemens 6gk5204-0bs00-3la3_firmware

siemens 6gk5204-0bs00-3pa3_firmware

ICS Advisories

Siemens SCALANCE X-200RNA Switch Devices
Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems

References

CWE-330https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdfhttps://nvd.nist.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-349-02
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook