{
"id" : "CVE-2022-46353" ,
"sourceIdentifier" : "productcert@siemens.com" ,
"published" : "2022-12-13T16:15:25.853" ,
"lastModified" : "2022-12-16T14:47:21.017" ,
"vulnStatus" : "Analyzed" ,
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
} ,
{
"lang" : "es" ,
"value" : "Se ha identificado una vulnerabilidad en:\nSCALANCE X204RNA (HSR) (Todas las versiones < V3.2.7), \nSCALANCE X204RNA (PRP) (Todas las versiones < V3.2.7), \nSCALANCE X204RNA EEC (HSR) (Todas las versiones < V3.2.7), \nSCALANCE X204RNA EEC (PRP) (todas las versiones < V3.2.7), \nSCALANCE X204RNA EEC (PRP/HSR) (todas las versiones < V3.2.7). \nEl servidor web de los dispositivos afectados calcula los identificadores de sesi\u00f3n y los nonces de forma insegura. Esto podr\u00eda permitir que un atacante remoto no autenticado utilice fuerza bruta para identificar ID de sesi\u00f3n y secuestrar sesiones existentes."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-330"
}
]
} ,
{
"source" : "productcert@siemens.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-330"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:6gk5204-0ba00-2mb2:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AF6E5E68-552D-40C1-A4AB-605D0F21688F"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:6gk5204-0ba00-2mb2_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.2.7" ,
"matchCriteriaId" : "77A54E43-E9A5-49CF-BA3C-E6878C2C713F"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:6gk5204-0ba00-2kb2:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7B61CA05-D98E-4BD6-BE78-58574B2DE5CA"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:6gk5204-0ba00-2kb2_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.2.7" ,
"matchCriteriaId" : "CE326B9F-A613-46B5-A20D-BE9D41A80857"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:6gk5204-0bs00-2na3:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "28B98E8F-0E32-4BA4-8237-055BDB25C1B3"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:6gk5204-0bs00-2na3_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.2.7" ,
"matchCriteriaId" : "F6FCF31E-22CA-4038-AC27-BAEA752A718D"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:6gk5204-0bs00-3la3:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D92CFF31-E138-49D0-A9FF-A91E7342AEFC"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:6gk5204-0bs00-3la3_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.2.7" ,
"matchCriteriaId" : "A7EA94F5-1AB0-4BE2-810A-46B840070856"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:6gk5204-0bs00-3pa3:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1572F77B-98B7-44D9-9DF9-9EC56CD6E571"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:6gk5204-0bs00-3pa3_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.2.7" ,
"matchCriteriaId" : "06CBD11B-3671-425B-89EB-4B9677B3316B"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf" ,
"source" : "productcert@siemens.com" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
}
]
}