CVE-2022-46353

CRITICAL

SCALANCE X204RNA - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

References (1)

[Patch, Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf

Scores

CVSS v3 9.8

EPSS 0.0199

EPSS Percentile 83.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-330

Status published

Products (5)

siemens/6gk5204-0ba00-2kb2_firmware < 3.2.7

siemens/6gk5204-0ba00-2mb2_firmware < 3.2.7

siemens/6gk5204-0bs00-2na3_firmware < 3.2.7

siemens/6gk5204-0bs00-3la3_firmware < 3.2.7

siemens/6gk5204-0bs00-3pa3_firmware < 3.2.7

Published Dec 13, 2022

Tracked Since Feb 18, 2026