CVE-2022-25756 Information
Description
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V coated), SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V ports on front), SCALANCE XR324-12M (230V ports on rear), SCALANCE XR324-12M (24V ports on front), SCALANCE XR324-12M (24V ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC ports on rear), SCALANCE XR324-4M EEC (24V ports on front), SCALANCE XR324-4M EEC (24V ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC ports on rear), SCALANCE XR324-4M EEC (2x 24V ports on front), SCALANCE XR324-4M EEC (2x 24V ports on rear), SCALANCE XR324-4M PoE (230V ports on front), SCALANCE XR324-4M PoE (230V ports on rear), SCALANCE XR324-4M PoE (24V ports on front), SCALANCE XR324-4M PoE (24V ports on rear), SCALANCE XR324-4M PoE TS (24V ports on front), SIPLUS NET SCALANCE X308-2.
The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM