Skip to main content

Scalance M 800 Firmware CVE-2022-36325

MEDIUM
Basic XSS (CWE-80)
2022-08-10 productcert@siemens.com
XSS Scalance M 800 Firmware Scalance S615 Firmware Scalance Sc 600 Firmware Scalance Sc622 2C Firmware Scalance Sc632 2C Firmware Scalance Sc636 2C Firmware Scalance Sc642 2C Firmware Scalance Sc646 2C Firmware Scalance W700 Ieee 802 11Ax Firmware Scalance W700 Ieee 802 11N Firmware Scalance W700 Ieee 802 11Ac Firmware Scalance Xb 200 Firmware Scalance Xb205 3 Firmware Scalance Xb205 3Ld Firmware Scalance Xb208 Firmware Scalance Xb213 3 Firmware Scalance Xb213 3Ld Firmware Scalance Xb216 Firmware Scalance Xc 200 Firmware Scalance Xc206 2 Firmware Scalance Xc206 2G Poe Firmware Scalance Xc206 2G Poe Eec Firmware Scalance Xc206 2Sfp Eec Firmware Scalance Xc206 2Sfp G Firmware Scalance Xc206 2Sfp G E Ip Firmware Scalance Xc206 2Sfp G Eec Firmware Scalance Xc208 Firmware Scalance Xc208Eec Firmware Scalance Xc208G Firmware Scalance Xc208G E Ip Firmware Scalance Xc208G Eec Firmware Scalance Xc208G Poe Firmware Scalance Xc216 Firmware Scalance Xc216 4C Firmware Scalance Xc216 4C G Firmware Scalance Xc216 4C G E Ip Firmware Scalance Xc216 4C G Eec Firmware Scalance Xc216Eec Firmware Scalance Xc224 Firmware Scalance Xc224 4C G Firmware Scalance Xc224 4C G E Ip Firmware Scalance Xc224 4C G Eec Firmware Scalance Xf 200Ba Firmware Scalance Xf204 2Ba Dna Firmware Scalance Xf204 2Ba Irt Firmware Scalance Xm400 Firmware Scalance Xm408 4C Firmware Scalance Xm408 4C L3 Firmware Scalance Xm408 8C Firmware Scalance Xm408 8C L3 Firmware Scalance Xm416 4C Firmware Scalance Xm416 4C L3 Firmware Scalance Xp 200 Firmware Scalance Xp208 Firmware Scalance Xp208 Eip Firmware Scalance Xp208Eec Firmware Scalance Xp208Poe Eec Firmware Scalance Xp216 Firmware Scalance Xp216 Eip Firmware Scalance Xp216Eec Firmware Scalance Xp216Poe Eec Firmware Scalance Xr 300 Firmware Scalance Xr 300Eec Firmware Scalance Xr 300Poe Firmware Scalance Xr 300Wg Firmware Scalance Xr324 12M Firmware Scalance Xr324 12M Ts Firmware Scalance Xr324 4M Eec Firmware Scalance Xr324 4M Poe Firmware Scalance Xr324 4M Poe Ts Firmware Scalance Xr324Wg Firmware Scalance Xr326 2C Poe Wg Firmware Scalance Xr328 4C Wg Firmware Scalance Xr500 Firmware Scalance Xr524 Firmware Scalance Xr524 8C Firmware Scalance Xr524 8C L3 Firmware Scalance Xr526 Firmware Scalance Xr526 8C Firmware Scalance Xr526 8C L3 Firmware Scalance Xr528 Firmware Scalance Xr528 6M Firmware Scalance Xr528 6M 2Hr2 Firmware Scalance Xr528 6M 2Hr2 L3 Firmware Scalance Xr528 6M L3 Firmware Scalance Xr552 Firmware Scalance Xr552 12 Firmware Scalance Xr552 12M Firmware Scalance Xr552 12M 2Hr2 Firmware Scalance Xr552 12M 2Hr2 L3 Firmware
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 10, 2022 - 12:15 cve.org
MEDIUM 6.8

DescriptionCVE.org

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

AnalysisAI

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-80. Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. Affected products include: Siemens Scalance M-800 Firmware, Siemens Scalance S615 Firmware, Siemens Scalance Sc-600 Firmware, Siemens Scalance Sc622-2C Firmware, Siemens Scalance Sc632-2C Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-14491 CRITICAL POC
9.8 Oct 04

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut

CVE-2022-36323 CRITICAL
9.1 Aug 10

Affected devices do not properly sanitize an input field. Rated critical severity (CVSS 9.1), this vulnerability is remo

CVE-2022-36324 HIGH
7.5 Aug 10

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. Rated high severity (CVSS 7.5), this vu

CVE-2021-25667 HIGH
8.8 Mar 15

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions

CVE-2017-2680 HIGH
7.1 May 11

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a loc

CVE-2021-25676 HIGH
7.5 Mar 15

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC

CVE-2018-5391 HIGH
7.5 Sep 06

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packet

CVE-2017-2681 HIGH
7.1 May 11

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a d

CVE-2021-3449 MEDIUM
5.9 Mar 25

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated med

CVE-2016-7090 MEDIUM
4.0 Sep 29

The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure f

Share

CVE-2022-36325 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy