CVE-2022-36325

high-risk
Published 2022-08-10

Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

Do I need to act?

0.29% chance of exploitation
EPSS score — low exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 6.8/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Scalance M-800 Firmware
Scalance Sc-600 Firmware
Scalance Sc622-2C Firmware
Scalance Sc632-2C Firmware
Scalance Sc636-2C Firmware
Scalance Sc642-2C Firmware
Scalance Sc646-2C Firmware
Scalance W700 Ieee 802.11Ax Firmware
Scalance W700 Ieee 802.11N Firmware
Scalance W700 Ieee 802.11Ac Firmware
Scalance Xb-200 Firmware
Scalance Xb205-3 Firmware
Scalance Xb205-3Ld Firmware
Scalance Xb208 Firmware
Scalance Xb213-3 Firmware
Scalance Xb213-3Ld Firmware
Scalance Xb216 Firmware
Scalance Xc-200 Firmware
Scalance Xc206-2 Firmware

Affected Vendors

55 / 100
high-risk
Severity 25/34 · High
Exploitability 1/34 · Minimal
Exposure 29/34 · Critical