CVE-2022-46350 in SCALANCE X204RNAinfo

Summary

by MITRE • 12/13/2022

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/22/2025

This vulnerability affects Siemens SCALANCE X204RNA series industrial network switches that implement HSR (High Availability Router Protocol) and PRP (Precision Time Protocol) communication standards. The affected devices operate in critical infrastructure environments where network reliability and security are paramount. The vulnerability resides within the integrated web server component that provides administrative access to these industrial network devices. These switches are commonly deployed in manufacturing environments, process control systems, and other industrial settings where maintaining operational continuity is essential.

The technical flaw represents a classic cross-site scripting vulnerability that occurs when the web server fails to properly sanitize user input before incorporating it into dynamically generated web pages. When an attacker crafts a malicious link containing crafted script code and convinces a user to click it, the script executes within the context of the victim's browser session with the web server. This allows the attacker to perform actions such as modifying device configurations, extracting sensitive information, or redirecting users to malicious sites. The vulnerability specifically impacts all versions prior to V3.2.7, indicating that Siemens has acknowledged and addressed this weakness in their security updates.

The operational impact of this vulnerability is significant within industrial control systems where these switches serve as critical communication infrastructure. An attacker who successfully exploits this vulnerability could potentially disrupt production processes by modifying network configurations, gain unauthorized access to sensitive operational data, or establish persistent access points within the industrial network. The ability to trigger malicious requests on the affected device means that attackers could perform administrative functions without proper authentication, potentially leading to complete compromise of the network segment. This vulnerability aligns with CWE-79 which identifies cross-site scripting flaws, and represents a serious concern for industrial cybersecurity given the potential for operational technology disruption.

Organizations should immediately implement mitigations including applying the available firmware updates to versions V3.2.7 or later, which contain the necessary security patches. Network segmentation should be implemented to limit access to these devices to authorized personnel only, and administrative access should be restricted to secure networks with proper authentication mechanisms. Additionally, organizations should monitor network traffic for suspicious activity and implement web application firewalls to detect and block malicious requests. The vulnerability demonstrates the importance of maintaining current firmware versions in industrial environments, as highlighted by ATT&CK technique T1595 which covers network infiltration through web application attacks. Regular security assessments and vulnerability management programs should be implemented to ensure timely patch deployment across all industrial network infrastructure components.

Reservation

11/30/2022

Disclosure

12/13/2022

Moderation

accepted

CPE

ready

EPSS

0.00446

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!