CVE-2022-46350

🗓️ 13 Dec 2022 00:00:00Reported by siemensType

A Cross-Site Scripting vulnerability in SCALANCE X204RNA and SCALANCE X204RNA EEC devices before V3.2.7 allows attackers to execute malicious requests via the integrated web server

Reporter	Title	Published	Views	Family All 13
CNNVD	Siemens SCALANCE Series 跨站脚本漏洞	13 Dec 202200:00	–	cnnvd
CNVD	Siemens SCALANCE X-200RNA Switch Devices Cross-Site Scripting Vulnerability	14 Dec 202200:00	–	cnvd
CVE	CVE-2022-46350	13 Dec 202200:00	–	cve
EUVD	EUVD-2022-49166	3 Oct 202520:07	–	euvd
ICS	Siemens SCALANCE X-200RNA Switch Devices	13 Dec 202200:00	–	ics
NCSC	Vulnerabilities fixed in Siemens products	13 Dec 202200:00	–	ncsc
NVD	CVE-2022-46350	13 Dec 202216:15	–	nvd
OSV	CVE-2022-46350	13 Dec 202216:15	–	osv
Prion	Cross site scripting	13 Dec 202216:15	–	prion
Positive Technologies	PT-2022-27833 · Siemens · Scalance X204Rna Eec +1	13 Dec 202200:00	–	ptsecurity

[
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204RNA (HSR)",
    "versions": [
      {
        "version": "All versions < V3.2.7",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204RNA (PRP)",
    "versions": [
      {
        "version": "All versions < V3.2.7",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204RNA EEC (HSR)",
    "versions": [
      {
        "version": "All versions < V3.2.7",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204RNA EEC (PRP)",
    "versions": [
      {
        "version": "All versions < V3.2.7",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X204RNA EEC (PRP/HSR)",
    "versions": [
      {
        "version": "All versions < V3.2.7",
        "status": "affected"
      }
    ]
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf

13 Dec 2022 00:00Current

5.9Medium risk

Vulners AI Score5.9

EPSS0.00446

CWE-80