First published: Tue Dec 13 2022(Updated: )
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances.
Credit: productcert@siemens.com productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens 6gk5204-0ba00-2mb2 Firmware | <3.2.7 | |
Siemens 6gk5204-0ba00-2mb2 | ||
Siemens 6gk5204-0ba00-2kb2 Firmware | <3.2.7 | |
Siemens 6gk5204-0ba00-2kb2 | ||
Siemens 6gk5204-0bs00-2na3 Firmware | <3.2.7 | |
Siemens 6gk5204-0bs00-2na3 | ||
Siemens 6gk5204-0bs00-3la3 Firmware | <3.2.7 | |
Siemens 6gk5204-0bs00-3la3 | ||
Siemens 6gk5204-0bs00-3pa3 Firmware | <3.2.7 | |
Siemens 6gk5204-0bs00-3pa3 | ||
All of | ||
Siemens 6gk5204-0ba00-2mb2 Firmware | <3.2.7 | |
Siemens 6gk5204-0ba00-2mb2 | ||
All of | ||
Siemens 6gk5204-0ba00-2kb2 Firmware | <3.2.7 | |
Siemens 6gk5204-0ba00-2kb2 | ||
All of | ||
Siemens 6gk5204-0bs00-2na3 Firmware | <3.2.7 | |
Siemens 6gk5204-0bs00-2na3 | ||
All of | ||
Siemens 6gk5204-0bs00-3la3 Firmware | <3.2.7 | |
Siemens 6gk5204-0bs00-3la3 | ||
All of | ||
Siemens 6gk5204-0bs00-3pa3 Firmware | <3.2.7 | |
Siemens 6gk5204-0bs00-3pa3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this SCALANCE X204RNA vulnerability is CVE-2022-46354.
The severity of CVE-2022-46354 is medium with a CVSS score of 5.3.
All versions prior to V3.2.7 of SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), and SCALANCE X204RNA EEC (PRP/HSR) are affected by CVE-2022-46354.
To fix CVE-2022-46354, upgrade your SCALANCE X204RNA devices to version V3.2.7 or later.
You can find more information about CVE-2022-46354 in the Siemens ProductCERT advisory at the following link: https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf