CVE-2022-46353

First published: Tue Dec 13 2022(Updated: )

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

Credit: productcert@siemens.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/severity
• agent/author
• agent/type
• agent/event
• agent/references
• agent/weakness
• agent/description
• agent/remedy
• agent/softwarecombine
• agent/first-publish-date
• agent/last-modified-date
• agent/tags
• collector/mitre-cve
• source/MITRE
• vendor/siemens
• canonical/siemens 6gk5204-0ba00-2mb2 firmware
• canonical/siemens 6gk5204-0ba00-2mb2
• canonical/siemens 6gk5204-0ba00-2kb2 firmware
• canonical/siemens 6gk5204-0ba00-2kb2
• canonical/siemens 6gk5204-0bs00-2na3 firmware
• canonical/siemens 6gk5204-0bs00-2na3
• canonical/siemens 6gk5204-0bs00-3la3 firmware
• canonical/siemens 6gk5204-0bs00-3la3
• canonical/siemens 6gk5204-0bs00-3pa3 firmware
• canonical/siemens 6gk5204-0bs00-3pa3