cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-46355,https://securityvulnerability.io/vulnerability/CVE-2022-46355,Sensitive Data Exposure in SCALANCE X204RNA Products by Siemens,"A significant vulnerability has been identified in multiple SCALANCE X204RNA products from Siemens. This issue allows for the unintended leakage of sensitive information via the HTTP Referer header, potentially exposing critical data to unauthorized actors. All versions prior to V3.2.7 are affected across various configurations, including HSR and PRP modes. Users of these devices should take immediate action to mitigate this risk by upgrading to the recommended version.",Siemens,"Scalance X204rna (hsr),Scalance X204rna (prp),Scalance X204rna Eec (hsr),Scalance X204rna Eec (prp),Scalance X204rna Eec (prp/hsr)",7.5,HIGH,0.001509999972768128,false,,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-46353,https://securityvulnerability.io/vulnerability/CVE-2022-46353,Session Hijacking Vulnerability in SCALANCE X204RNA by Siemens,"A vulnerability has been found in the SCALANCE X204RNA series by Siemens, where the webserver improperly calculates session IDs and nonces. This flaw allows unauthenticated remote attackers to conduct brute-force attempts on session IDs, potentially leading to session hijacking. Users of the affected versions, specifically those below V3.2.7, are at risk of having their active sessions compromised, which could lead to unauthorized access to sensitive information and control over network operations.",Siemens,"Scalance X204rna (hsr),Scalance X204rna (prp),Scalance X204rna Eec (hsr),Scalance X204rna Eec (prp),Scalance X204rna Eec (prp/hsr)",9.8,CRITICAL,0.0042500002309679985,false,,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-46354,https://securityvulnerability.io/vulnerability/CVE-2022-46354,Web Server Vulnerability in Siemens SCALANCE X204RNA Series,"A significant vulnerability has been discovered in the Siemens SCALANCE X204RNA series, where the web server of affected products lacks essential security headers. This oversight could permit remote attackers to access confidential session information under specific conditions, posing a threat to data integrity and confidentiality.",Siemens,"Scalance X204rna (hsr),Scalance X204rna (prp),Scalance X204rna Eec (hsr),Scalance X204rna Eec (prp),Scalance X204rna Eec (prp/hsr)",5.3,MEDIUM,0.001290000043809414,false,,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-46350,https://securityvulnerability.io/vulnerability/CVE-2022-46350,Cross-Site Scripting Vulnerability in SCALANCE X204RNA Products by Siemens,"A Cross-Site Scripting vulnerability has been discovered in various SCALANCE X204RNA products by Siemens. An attacker could exploit this flaw by tricking users into clicking on malicious links, which would result in malicious requests triggered on the affected devices. The flaw affects all versions prior to V3.2.7, posing potential security risks for users relying on these network components.",Siemens,"Scalance X204rna (hsr),Scalance X204rna (prp),Scalance X204rna Eec (hsr),Scalance X204rna Eec (prp),Scalance X204rna Eec (prp/hsr)",6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-46351,https://securityvulnerability.io/vulnerability/CVE-2022-46351,Denial of Service Vulnerability in SCALANCE X204RNA Products by Siemens,"A vulnerability has been found in multiple versions of SCALANCE X204RNA products by Siemens. Specifically, the flaw allows specially crafted PROFINET DCP packets to trigger a denial of service condition within affected devices on a local Ethernet segment (Layer 2). Systems using versions lower than V3.2.7 are at risk and may experience disruptions in network services due to this vulnerability.",Siemens,"Scalance X204rna (hsr),Scalance X204rna (prp),Scalance X204rna Eec (hsr),Scalance X204rna Eec (prp),Scalance X204rna Eec (prp/hsr)",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-46352,https://securityvulnerability.io/vulnerability/CVE-2022-46352,Denial of Service Vulnerability in Siemens SCALANCE X204RNA Products,"A vulnerability has been detected in Siemens SCALANCE X204RNA products which allows for a potential denial of service attack. Maliciously crafted PROFINET DCP packets can overwhelm affected devices, leading to service interruptions. All versions prior to V3.2.7 across various models are impacted, making it crucial for users to upgrade to the latest firmware to mitigate risks.",Siemens,"Scalance X204rna (hsr),Scalance X204rna (prp),Scalance X204rna Eec (hsr),Scalance X204rna Eec (prp),Scalance X204rna Eec (prp/hsr)",7.5,HIGH,0.0008900000248104334,false,,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2019-13933,https://securityvulnerability.io/vulnerability/CVE-2019-13933,,"A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Scalance X204rna (hsr),Scalance X204rna (prp),Scalance X204rna Eec (hsr),Scalance X204rna Eec (prp),Scalance X204rna Eec (prp/hsr),Scalance X302-7 Eec (230v),Scalance X302-7 Eec (230v, Coated),Scalance X302-7 Eec (24v),Scalance X302-7 Eec (24v, Coated),Scalance X302-7 Eec (2x 230v),Scalance X302-7 Eec (2x 230v, Coated),Scalance X302-7 Eec (2x 24v),Scalance X302-7 Eec (2x 24v, Coated),Scalance X304-2fe,Scalance X306-1ld Fe,Scalance X307-2 Eec (230v),Scalance X307-2 Eec (230v, Coated),Scalance X307-2 Eec (24v),Scalance X307-2 Eec (24v, Coated),Scalance X307-2 Eec (2x 230v),Scalance X307-2 Eec (2x 230v, Coated),Scalance X307-2 Eec (2x 24v),Scalance X307-2 Eec (2x 24v, Coated),Scalance X307-3,Scalance X307-3ld,Scalance X308-2,Scalance X308-2ld,Scalance X308-2lh,Scalance X308-2lh+,Scalance X308-2m,Scalance X308-2m Poe,Scalance X308-2m Ts,Scalance X310,Scalance X310fe,Scalance X320-1 Fe,Scalance X320-1-2ld Fe,Scalance X408-2,Scalance Xr324-12m (230v, Ports On Front),Scalance Xr324-12m (230v, Ports On Rear),Scalance Xr324-12m (24v, Ports On Front),Scalance Xr324-12m (24v, Ports On Rear),Scalance Xr324-12m Ts (24v),Scalance Xr324-4m Eec (100-240vac/60-250vdc, Ports On Front),Scalance Xr324-4m Eec (100-240vac/60-250vdc, Ports On Rear),Scalance Xr324-4m Eec (24v, Ports On Front),Scalance Xr324-4m Eec (24v, Ports On Rear),Scalance Xr324-4m Eec (2x 100-240vac/60-250vdc, Ports On Front),Scalance Xr324-4m Eec (2x 100-240vac/60-250vdc, Ports On Rear),Scalance Xr324-4m Eec (2x 24v, Ports On Front),Scalance Xr324-4m Eec (2x 24v, Ports On Rear),Scalance Xr324-4m Poe (230v, Ports On Front),Scalance Xr324-4m Poe (230v, Ports On Rear),Scalance Xr324-4m Poe (24v, Ports On Front),Scalance Xr324-4m Poe (24v, Ports On Rear),Scalance Xr324-4m Poe Ts (24v, Ports On Front),Siplus Net Scalance X308-2",8.6,HIGH,0.0011099999537691474,false,,false,false,false,,false,false,2020-01-16T00:00:00.000Z,0
CVE-2019-10942,https://securityvulnerability.io/vulnerability/CVE-2019-10942,,"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.",Siemens,"Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X204rna (hsr),Scalance X204rna (prp),Scalance X204rna Eec (hsr),Scalance X204rna Eec (prp),Scalance X204rna Eec (prp/hsr)",8.6,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,2019-08-13T18:55:57.000Z,0