Siemens SCALANCE devices cross-site scripting | CVE-2022-40631
NAME
Siemens SCALANCE devices cross-site scripting
- Platforms Affected:
Siemens SCALANCE X200-4P IRT
Siemens SCALANCE X201-3P IRT
Siemens SCALANCE X201-3P IRT PRO
Siemens SCALANCE X202-2IRT
Siemens SCALANCE X202-2P IRT
Siemens SCALANCE X202-2P IRT PRO
Siemens SCALANCE X204-2
Siemens SCALANCE X204-2FM
Siemens SCALANCE X204-2LD
Siemens SCALANCE X204-2LD TS
Siemens SCALANCE X204-2TS
Siemens SCALANCE X204IRT
Siemens SCALANCE X206-1
Siemens SCALANCE X208
Siemens SCALANCE X208PRO
Siemens SCALANCE X212-2
Siemens SCALANCE X212-2LD
Siemens SCALANCE X216
Siemens SCALANCE X224
Siemens SCALANCE XF201-3P
Siemens SCALANCE XF202-2P
Siemens SCALANCE XF204
Siemens SCALANCE XF204-2
Siemens SCALANCE XF204-2BA IRT
Siemens SCALANCE XF204IRT
Siemens SCALANCE XF206-1
Siemens SCALANCE XF208
Siemens SCALANCE SIPLUS NET SCALANCE X202-2P IRT
- Risk Level: 7.3
- Exploitability: High
- Consequences: Denial of Service
DESCRIPTION
Siemens SCALANCE devices are vulnerable to DOM-based cross-site scripting, caused by improper validation of user-supplied input by the web interface. A remote attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
- Remediation Level: Official Fix
MITIGATION
Refer to Siemens Security Advisory SSA-501891 for patch, upgrade or suggested workaround information. See References.
- Reference Link: https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf
- Reference Link: https://www.cisa.gov/uscert/ics/advisories/icsa-22-286-15