ID
VAR-202212-1143
CVE
CVE-2022-46354
TITLE
Vulnerabilities in multiple Siemens products
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances. 6gk5204-0ba00-2mb2 firmware, 6gk5204-0ba00-2kb2 firmware, 6gk5204-0bs00-2na3 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained. The SCALANCE X-204RNA Industrial Ethernet Access Points enable non-PRP end devices to be connected to separate parallel networks if required
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | scalance x204rna eec | scope: | lt | version: | v3.2.7 | Trust: 1.8 |
| vendor: | siemens | model: | scalance x204rna | scope: | lt | version: | v3.2.7 | Trust: 1.2 |
| vendor: | siemens | model: | 6gk5204-0ba00-2mb2 | scope: | lt | version: | 3.2.7 | Trust: 1.0 |
| vendor: | siemens | model: | 6gk5204-0bs00-2na3 | scope: | lt | version: | 3.2.7 | Trust: 1.0 |
| vendor: | siemens | model: | 6gk5204-0ba00-2kb2 | scope: | lt | version: | 3.2.7 | Trust: 1.0 |
| vendor: | siemens | model: | 6gk5204-0bs00-3pa3 | scope: | lt | version: | 3.2.7 | Trust: 1.0 |
| vendor: | siemens | model: | 6gk5204-0bs00-3la3 | scope: | lt | version: | 3.2.7 | Trust: 1.0 |
| vendor: | シーメンス | model: | 6gk5204-0bs00-3la3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | 6gk5204-0ba00-2mb2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | 6gk5204-0bs00-2na3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | 6gk5204-0bs00-3pa3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | 6gk5204-0ba00-2kb2 | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
| problemtype: | CWE-284 | Trust: 1.0 |
| problemtype: | others (CWE-Other) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
PATCH
| title: | Patch for Siemens SCALANCE X-200RNA Switch Devices Improper Access Control Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/372321 | Trust: 0.6 |
| title: | Siemens SCALANCE Series Security vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=218134 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-46354 | Trust: 3.8 |
| db: | SIEMENS | id: | SSA-363821 | Trust: 3.0 |
| db: | ICS CERT | id: | ICSA-22-349-02 | Trust: 1.4 |
| db: | JVN | id: | JVNVU91561630 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2022-023418 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2022-87965 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202212-3076 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf | Trust: 2.4 |
| url: | https://jvn.jp/vu/jvnvu91561630/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-46354 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-02 | Trust: 0.8 |
| url: | https://cert-portal.siemens.com/productcert/html/ssa-363821.html | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2022-46354/ | Trust: 0.6 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-22-349-02 | Trust: 0.6 |
CREDITS
Siemens reported these vulnerabilities to CISA.
Trust: 0.6
SOURCES
| db: | CNVD | id: | CNVD-2022-87965 |
| db: | JVNDB | id: | JVNDB-2022-023418 |
| db: | CNNVD | id: | CNNVD-202212-3076 |
| db: | NVD | id: | CVE-2022-46354 |
LAST UPDATE DATE
2024-08-14T12:49:29.595000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-87965 | date: | 2022-12-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-023418 | date: | 2023-11-29T01:05:00 |
| db: | CNNVD | id: | CNNVD-202212-3076 | date: | 2022-12-19T00:00:00 |
| db: | NVD | id: | CVE-2022-46354 | date: | 2022-12-16T14:50:24.547 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-87965 | date: | 2022-12-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-023418 | date: | 2023-11-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-202212-3076 | date: | 2022-12-13T00:00:00 |
| db: | NVD | id: | CVE-2022-46354 | date: | 2022-12-13T16:15:25.917 |