PT-2022-27836 · Siemens · Scalance X204Rna Eec+1

Published: 2022-12-13 · Updated: 2022-12-16 · CVE-2022-46353

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SCALANCE X204RNA (HSR) versions prior to V3.2.7
SCALANCE X204RNA (PRP) versions prior to V3.2.7
SCALANCE X204RNA EEC (HSR) versions prior to V3.2.7
SCALANCE X204RNA EEC (PRP) versions prior to V3.2.7
SCALANCE X204RNA EEC (PRP/HSR) versions prior to V3.2.7

Description

A vulnerability has been identified where the webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

Recommendations

For SCALANCE X204RNA (HSR) versions prior to V3.2.7, update to version V3.2.7 or later.
For SCALANCE X204RNA (PRP) versions prior to V3.2.7, update to version V3.2.7 or later.
For SCALANCE X204RNA EEC (HSR) versions prior to V3.2.7, update to version V3.2.7 or later.
For SCALANCE X204RNA EEC (PRP) versions prior to V3.2.7, update to version V3.2.7 or later.
For SCALANCE X204RNA EEC (PRP/HSR) versions prior to V3.2.7, update to version V3.2.7 or later.

Fix

Use of Insufficiently Random Values

Weakness Enumeration

Related Identifiers

CVE-2022-46353

Affected Products

Scalance X204Rna
Scalance X204Rna Eec