PT-2022-27837 · Siemens · Scalance X204Rna+1
Published
2022-12-13
·
Updated
2022-12-16
·
CVE-2022-46354
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SCALANCE X204RNA (HSR) versions prior to V3.2.7
SCALANCE X204RNA (PRP) versions prior to V3.2.7
SCALANCE X204RNA EEC (HSR) versions prior to V3.2.7
SCALANCE X204RNA EEC (PRP) versions prior to V3.2.7
SCALANCE X204RNA EEC (PRP/HSR) versions prior to V3.2.7
Description
A vulnerability has been identified where the webserver of an affected device is missing specific security headers. This could allow a remote attacker to extract confidential session information under certain circumstances.
Recommendations
For SCALANCE X204RNA (HSR) versions prior to V3.2.7, update to version V3.2.7 or later.
For SCALANCE X204RNA (PRP) versions prior to V3.2.7, update to version V3.2.7 or later.
For SCALANCE X204RNA EEC (HSR) versions prior to V3.2.7, update to version V3.2.7 or later.
For SCALANCE X204RNA EEC (PRP) versions prior to V3.2.7, update to version V3.2.7 or later.
For SCALANCE X204RNA EEC (PRP/HSR) versions prior to V3.2.7, update to version V3.2.7 or later.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Scalance X204Rna
Scalance X204Rna Eec