PT-2022-4147 · Siemens · Scalance Xm-400+9

Published: 2022-08-09 · Updated: 2023-06-27 · CVE-2022-36325

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SCALANCE M-800 / S615 versions prior to V2.3.1
SCALANCE SC-600 family versions prior to V2.3.1
SCALANCE W-1700 IEEE 802.11ac family versions prior to V2.3.1
SCALANCE W-700 IEEE 802.11ax family versions prior to V2.3.1
SCALANCE W-700 IEEE 802.11n family versions prior to V2.3.1
SCALANCE XB-200 switch family versions prior to V2.3.1
SCALANCE XC-200 switch family versions prior to V2.3.1
SCALANCE XF-200BA switch family versions prior to V2.3.1
SCALANCE XM-400 Family versions prior to V2.3.1
SCALANCE XP-200 switch family versions prior to V2.3.1
SCALANCE XR-300WG switch family versions prior to V2.3.1
SCALANCE XR-500 Family versions prior to V2.3.1

Description

Affected devices do not properly sanitize user-supplied data when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code, leading to a DOM-based XSS. The issue is related to the failure to neutralize script-related HTML tags on the web page.

Recommendations

For SCALANCE M-800 / S615 versions prior to V2.3.1, update to version V2.3.1 or later.
For SCALANCE SC-600 family versions prior to V2.3.1, update to version V2.3.1 or later.
For SCALANCE W-1700 IEEE 802.11ac family versions prior to V2.3.1, update to version V2.3.1 or later.
For SCALANCE W-700 IEEE 802.11ax family versions prior to V2.3.1, update to version V2.3.1 or later.
For SCALANCE W-700 IEEE 802.11n family versions prior to V2.3.1, update to version V2.3.1 or later.
For SCALANCE XB-200 switch family versions prior to V2.3.1, update to version V2.3.1 or later.
For SCALANCE XC-200 switch family versions prior to V2.3.1, update to version V2.3.1 or later.
For SCALANCE XF-200BA switch family versions prior to V2.3.1, update to version V2.3.1 or later.
For SCALANCE XM-400 Family versions prior to V2.3.1, update to version V2.3.1 or later.
For SCALANCE XP-200 switch family versions prior to V2.3.1, update to version V2.3.1 or later.
For SCALANCE XR-300WG switch family versions prior to V2.3.1, update to version V2.3.1 or later.
For SCALANCE XR-500 Family versions prior to V2.3.1, update to version V2.3.1 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-04990
CVE-2022-36325

Affected Products

Scalance M-800
Scalance S615
Scalance Sc-600
Scalance W-1700
Scalance W-700
Scalance X-200
Scalance Xf-200Ba
Scalance Xm-400
Scalance Xr-300Wg
Scalance Xr-500