PT-2022-2547 · Siemens · Scalance X310+15
Published: 2022-02-22 · Updated: 2022-04-19
CVE-2022-25756
CVSS v2.0: 6.8 (Medium)
Vector: AV:A/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SCALANCE X302-7 EEC (230V)
SCALANCE X302-7 EEC (230V, coated)
SCALANCE X302-7 EEC (24V)
SCALANCE X302-7 EEC (24V, coated)
SCALANCE X302-7 EEC (2x 230V)
SCALANCE X302-7 EEC (2x 230V, coated)
SCALANCE X302-7 EEC (2x 24V)
SCALANCE X302-7 EEC (2x 24V, coated)
SCALANCE X304-2FE
SCALANCE X306-1LD FE
SCALANCE X307-2 EEC (230V)
SCALANCE X307-2 EEC (230V, coated)
SCALANCE X307-2 EEC (24V)
SCALANCE X307-2 EEC (24V, coated)
SCALANCE X307-2 EEC (2x 230V)
SCALANCE X307-2 EEC (2x 230V, coated)
SCALANCE X307-2 EEC (2x 24V)
SCALANCE X307-2 EEC (2x 24V, coated)
SCALANCE X307-3
SCALANCE X307-3LD
SCALANCE X308-2
SCALANCE X308-2LD
SCALANCE X308-2LH
SCALANCE X308-2LH+
SCALANCE X308-2M
SCALANCE X308-2M PoE
SCALANCE X308-2M TS
SCALANCE X310
SCALANCE X310FE
SCALANCE X320-1 FE
SCALANCE X320-1-2LD FE
SCALANCE X408-2
SCALANCE XR324-12M (230V, ports on front)
SCALANCE XR324-12M (230V, ports on rear)
SCALANCE XR324-12M (24V, ports on front)
SCALANCE XR324-12M (24V, ports on rear)
SCALANCE XR324-12M TS (24V)
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)
SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)
SCALANCE XR324-4M EEC (24V, ports on front)
SCALANCE XR324-4M EEC (24V, ports on rear)
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)
SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)
SCALANCE XR324-4M EEC (2x 24V, ports on front)
SCALANCE XR324-4M EEC (2x 24V, ports on rear)
SCALANCE XR324-4M PoE (230V, ports on front)
SCALANCE XR324-4M PoE (230V, ports on rear)
SCALANCE XR324-4M PoE (24V, ports on front)
SCALANCE XR324-4M PoE (24V, ports on rear)
SCALANCE XR324-4M PoE TS (24V, ports on front)
SIPLUS NET SCALANCE X308-2
Description
The integrated web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Related Identifiers
Affected Products
Scalance X302-7 Eec
Scalance X304-2Fe
Scalance X306-1Ld Fe
Scalance X307-2 Eec
Scalance X307-3Ld
Scalance X308-2
Scalance X308-2M
Scalance X308-2M Poe
Scalance X310
Scalance X320-1 Fe
Scalance X320-1-2Ld Fe
Scalance X408-2
Scalance Xr324-12M
Scalance Xr324-4M Eec
Scalance Xr324-4M Poe
Siplus Net Scalance X308-2