var-202212-1143
Vulnerability from variot
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances. 6gk5204-0ba00-2mb2 firmware, 6gk5204-0ba00-2kb2 firmware, 6gk5204-0bs00-2na3 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained. The SCALANCE X-204RNA Industrial Ethernet Access Points enable non-PRP end devices to be connected to separate parallel networks if required
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1143", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance x204rna eec", "scope": "lt", "trust": 1.8, "vendor": "siemens", "version": "v3.2.7" }, { "model": "scalance x204rna", "scope": "lt", "trust": 1.2, "vendor": "siemens", "version": "v3.2.7" }, { "model": "6gk5204-0bs00-3la3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.7" }, { "model": "6gk5204-0bs00-2na3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.7" }, { "model": "6gk5204-0ba00-2kb2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.7" }, { "model": "6gk5204-0bs00-3pa3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.7" }, { "model": "6gk5204-0ba00-2mb2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.7" }, { "model": "6gk5204-0bs00-3la3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5204-0ba00-2mb2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5204-0bs00-2na3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5204-0bs00-3pa3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6gk5204-0ba00-2kb2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87965" }, { "db": "JVNDB", "id": "JVNDB-2022-023418" }, { "db": "NVD", "id": "CVE-2022-46354" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6gk5204-0ba00-2mb2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6gk5204-0ba00-2mb2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6gk5204-0ba00-2kb2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6gk5204-0ba00-2kb2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6gk5204-0bs00-2na3_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6gk5204-0bs00-2na3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6gk5204-0bs00-3la3_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6gk5204-0bs00-3la3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6gk5204-0bs00-3pa3_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6gk5204-0bs00-3pa3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-46354" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3076" } ], "trust": 0.6 }, "cve": "CVE-2022-46354", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.2, "id": "CNVD-2022-87965", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:H/Au:N/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2022-46354", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-46354", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2022-87965", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202212-3076", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87965" }, { "db": "JVNDB", "id": "JVNDB-2022-023418" }, { "db": "NVD", "id": "CVE-2022-46354" }, { "db": "CNNVD", "id": "CNNVD-202212-3076" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions \u003c V3.2.7), SCALANCE X204RNA (PRP) (All versions \u003c V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions \u003c V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions \u003c V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions \u003c V3.2.7). The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances. 6gk5204-0ba00-2mb2 firmware, 6gk5204-0ba00-2kb2 firmware, 6gk5204-0bs00-2na3 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained. The SCALANCE X-204RNA Industrial Ethernet Access Points enable non-PRP end devices to be connected to separate parallel networks if required", "sources": [ { "db": "NVD", "id": "CVE-2022-46354" }, { "db": "JVNDB", "id": "JVNDB-2022-023418" }, { "db": "CNVD", "id": "CNVD-2022-87965" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-46354", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-363821", "trust": 3.0 }, { "db": "ICS CERT", "id": "ICSA-22-349-02", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023418", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-87965", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202212-3076", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87965" }, { "db": "JVNDB", "id": "JVNDB-2022-023418" }, { "db": "NVD", "id": "CVE-2022-46354" }, { "db": "CNNVD", "id": "CNNVD-202212-3076" } ] }, "id": "VAR-202212-1143", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-87965" } ], "trust": 1.36919192 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87965" } ] }, "last_update_date": "2023-12-18T11:50:08.777000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SCALANCE X-200RNA Switch Devices Improper Access Control Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/372321" }, { "title": "Siemens SCALANCE Series Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=218134" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87965" }, { "db": "CNNVD", "id": "CNNVD-202212-3076" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "others (CWE-Other) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023418" }, { "db": "NVD", "id": "CVE-2022-46354" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-46354" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-02" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-363821.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-46354/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-349-02" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87965" }, { "db": "JVNDB", "id": "JVNDB-2022-023418" }, { "db": "NVD", "id": "CVE-2022-46354" }, { "db": "CNNVD", "id": "CNNVD-202212-3076" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-87965" }, { "db": "JVNDB", "id": "JVNDB-2022-023418" }, { "db": "NVD", "id": "CVE-2022-46354" }, { "db": "CNNVD", "id": "CNNVD-202212-3076" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2022-87965" }, { "date": "2023-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023418" }, { "date": "2022-12-13T16:15:25.917000", "db": "NVD", "id": "CVE-2022-46354" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3076" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2022-87965" }, { "date": "2023-11-29T01:05:00", "db": "JVNDB", "id": "JVNDB-2022-023418" }, { "date": "2022-12-16T14:50:24.547000", "db": "NVD", "id": "CVE-2022-46354" }, { "date": "2022-12-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3076" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3076" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023418" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3076" } ], "trust": 0.6 } }