CVE-2022-36325

Description

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

CVSS breakdown

Affected products

• Siemens / RUGGEDCOM RM1224 LTE(4G) EU0 – V7.1.2
• Siemens / RUGGEDCOM RM1224 LTE(4G) NAM0 – V7.1.2
• Siemens / SCALANCE M804PB0 – V7.1.2
• Siemens / SCALANCE M812-1 ADSL-Router0 – V7.1.2
• Siemens / SCALANCE M816-1 ADSL-Router0 – V7.1.2
• Siemens / SCALANCE M826-2 SHDSL-Router0 – V7.1.2
• Siemens / SCALANCE M874-20 – V7.1.2
• Siemens / SCALANCE M874-30 – V7.1.2
• Siemens / SCALANCE M876-30 – V7.1.2
• Siemens / SCALANCE M876-3 (ROK)0 – V7.1.2
• Siemens / SCALANCE M876-4 (EU)0 – V7.1.2
• Siemens / SCALANCE M876-4 (NAM)0 – V7.1.2
• Siemens / SCALANCE MUM853-1 (EU)0 – V7.1.2
• Siemens / SCALANCE MUM856-1 (EU)0 – V7.1.2
• Siemens / SCALANCE MUM856-1 (RoW)0 – V7.1.2
• Siemens / SCALANCE S615 LAN-Router0 – V7.1.2
• Siemens / SCALANCE SC622-2C0 – V2.3.1
• Siemens / SCALANCE SC626-2C0 – V2.3.1
• Siemens / SCALANCE SC632-2C0 – V2.3.1
• Siemens / SCALANCE SC636-2C0 – V2.3.1
• Siemens / SCALANCE SC642-2C0 – V2.3.1
• Siemens / SCALANCE SC646-2C0 – V2.3.1
• Siemens / SCALANCE W1748-1 M120 – *
• Siemens / SCALANCE W1788-1 M120 – *
• Siemens / SCALANCE W1788-2 EEC M120 – *
• Siemens / SCALANCE W1788-2IA M120 – *
• Siemens / SCALANCE W1788-2 M120 – *
• Siemens / SCALANCE W721-1 RJ450 – V6.6.0
• Siemens / SCALANCE W722-1 RJ450 – V6.6.0
• Siemens / SCALANCE W734-1 RJ450 – V6.6.0
• Siemens / SCALANCE W734-1 RJ45 (USA)0 – V6.6.0
• Siemens / SCALANCE W738-1 M120 – V6.6.0
• Siemens / SCALANCE W748-1 M120 – V6.6.0
• Siemens / SCALANCE W748-1 RJ450 – V6.6.0
• Siemens / SCALANCE W761-1 RJ450 – V6.6.0
• Siemens / SCALANCE W774-1 M12 EEC0 – V6.6.0
• Siemens / SCALANCE W774-1 RJ450 – V6.6.0
• Siemens / SCALANCE W774-1 RJ45 (USA)0 – V6.6.0
• Siemens / SCALANCE W778-1 M120 – V6.6.0
• Siemens / SCALANCE W778-1 M12 EEC0 – V6.6.0
• Siemens / SCALANCE W778-1 M12 EEC (USA)0 – V6.6.0
• Siemens / SCALANCE W786-1 RJ450 – V6.6.0
• Siemens / SCALANCE W786-2IA RJ450 – V6.6.0
• Siemens / SCALANCE W786-2 RJ450 – V6.6.0
• Siemens / SCALANCE W786-2 SFP0 – V6.6.0
• Siemens / SCALANCE W788-1 M120 – V6.6.0
• Siemens / SCALANCE W788-1 RJ450 – V6.6.0
• Siemens / SCALANCE W788-2 M120 – V6.6.0
• Siemens / SCALANCE W788-2 M12 EEC0 – V6.6.0
• Siemens / SCALANCE W788-2 RJ450 – V6.6.0
• Siemens / SCALANCE WAM763-10 – V2.0.0
• Siemens / SCALANCE WAM766-10 – V2.0.0
• Siemens / SCALANCE WAM766-1 EEC0 – V2.0.0
• Siemens / SCALANCE WAM766-1 EEC (US)0 – V2.0.0
• Siemens / SCALANCE WAM766-1 (US)0 – V2.0.0
• Siemens / SCALANCE WUM763-10 – V2.0.0
• Siemens / SCALANCE WUM766-10 – V2.0.0
• Siemens / SCALANCE WUM766-1 (USA)0 – V2.0.0
• Siemens / SCALANCE XB205-3LD (SC, E/IP)0 – V4.4
• Siemens / SCALANCE XB205-3LD (SC, PN)0 – V4.4
• Siemens / SCALANCE XB205-3 (SC, PN)0 – V4.4
• Siemens / SCALANCE XB205-3 (ST, E/IP)0 – V4.4
• Siemens / SCALANCE XB205-3 (ST, PN)0 – V4.4
• Siemens / SCALANCE XB208 (E/IP)0 – V4.4
• Siemens / SCALANCE XB208 (PN)0 – V4.4
• Siemens / SCALANCE XB213-3LD (SC, E/IP)0 – V4.4
• Siemens / SCALANCE XB213-3LD (SC, PN)0 – V4.4
• Siemens / SCALANCE XB213-3 (SC, E/IP)0 – V4.4
• Siemens / SCALANCE XB213-3 (SC, PN)0 – V4.4
• Siemens / SCALANCE XB213-3 (ST, E/IP)0 – V4.4
• Siemens / SCALANCE XB213-3 (ST, PN)0 – V4.4
• Siemens / SCALANCE XB216 (E/IP)0 – V4.4
• Siemens / SCALANCE XB216 (PN)0 – V4.4
• Siemens / SCALANCE XC206-2G PoE0 – V4.4
• Siemens / SCALANCE XC206-2G PoE (54 V DC)0 – V4.4
• Siemens / SCALANCE XC206-2G PoE EEC (54 V DC)0 – V4.4
• Siemens / SCALANCE XC206-2 (SC)0 – V4.4
• Siemens / SCALANCE XC206-2SFP0 – V4.4
• Siemens / SCALANCE XC206-2SFP EEC0 – V4.4
• Siemens / SCALANCE XC206-2SFP G0 – V4.4
• Siemens / SCALANCE XC206-2SFP G EEC0 – V4.4
• Siemens / SCALANCE XC206-2SFP G (EIP DEF.)0 – V4.4
• Siemens / SCALANCE XC206-2 (ST/BFOC)0 – V4.4
• Siemens / SCALANCE XC2080 – V4.4
• Siemens / SCALANCE XC208EEC0 – V4.4
• Siemens / SCALANCE XC208G0 – V4.4
• Siemens / SCALANCE XC208G EEC0 – V4.4
• Siemens / SCALANCE XC208G (EIP def.)0 – V4.4
• Siemens / SCALANCE XC208G PoE0 – V4.4
• Siemens / SCALANCE XC208G PoE (54 V DC)0 – V4.4
• Siemens / SCALANCE XC2160 – V4.4
• Siemens / SCALANCE XC216-3G PoE0 – V4.4
• Siemens / SCALANCE XC216-3G PoE (54 V DC)0 – V4.4
• Siemens / SCALANCE XC216-4C0 – V4.4
• Siemens / SCALANCE XC216-4C G0 – V4.4
• Siemens / SCALANCE XC216-4C G EEC0 – V4.4
• Siemens / SCALANCE XC216-4C G (EIP Def.)0 – V4.4
• Siemens / SCALANCE XC216EEC0 – V4.4
• Siemens / SCALANCE XC2240 – V4.4
• Siemens / SCALANCE XC224-4C G0 – V4.4
• Siemens / SCALANCE XC224-4C G EEC0 – V4.4
• Siemens / SCALANCE XC224-4C G (EIP Def.)0 – V4.4
• Siemens / SCALANCE XF2040 – V4.4
• Siemens / SCALANCE XF204-2BA0 – V4.4
• Siemens / SCALANCE XF204-2BA DNA0 – V4.4
• Siemens / SCALANCE XF204 DNA0 – V4.4
• Siemens / SCALANCE XM408-4C0 – V6.6
• Siemens / SCALANCE XM408-4C (L3 int.)0 – V6.6
• Siemens / SCALANCE XM408-8C0 – V6.6
• Siemens / SCALANCE XM408-8C (L3 int.)0 – V6.6
• Siemens / SCALANCE XM416-4C0 – V6.6
• Siemens / SCALANCE XM416-4C (L3 int.)0 – V6.6
• Siemens / SCALANCE XP2080 – V4.4
• Siemens / SCALANCE XP208EEC0 – V4.4
• Siemens / SCALANCE XP208 (Ethernet/IP)0 – V4.4
• Siemens / SCALANCE XP208PoE EEC0 – V4.4
• Siemens / SCALANCE XP2160 – V4.4
• Siemens / SCALANCE XP216EEC0 – V4.4
• Siemens / SCALANCE XP216 (Ethernet/IP)0 – V4.4
• Siemens / SCALANCE XP216POE EEC0 – V4.4
• Siemens / SCALANCE XR324WG (24 x FE, AC 230V)0 – V4.4
• Siemens / SCALANCE XR324WG (24 X FE, DC 24V)0 – V4.4
• Siemens / SCALANCE XR326-2C PoE WG0 – V4.4
• Siemens / SCALANCE XR326-2C PoE WG (without UL)0 – V4.4
• Siemens / SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)0 – V4.4
• Siemens / SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)0 – V4.4
• Siemens / SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)0 – V4.4
• Siemens / SCALANCE XR328-4C WG (28xGE, AC 230V)0 – V4.4
• Siemens / SCALANCE XR328-4C WG (28xGE, DC 24V)0 – V4.4
• Siemens / SCALANCE XR524-8C, 1x230V0 – V6.6
• Siemens / SCALANCE XR524-8C, 1x230V (L3 int.)0 – V6.6
• Siemens / SCALANCE XR524-8C, 24V0 – V6.6
• Siemens / SCALANCE XR524-8C, 24V (L3 int.)0 – V6.6
• Siemens / SCALANCE XR524-8C, 2x230V0 – V6.6
• Siemens / SCALANCE XR524-8C, 2x230V (L3 int.)0 – V6.6
• Siemens / SCALANCE XR526-8C, 1x230V0 – V6.6
• Siemens / SCALANCE XR526-8C, 1x230V (L3 int.)0 – V6.6
• Siemens / SCALANCE XR526-8C, 24V0 – V6.6
• Siemens / SCALANCE XR526-8C, 24V (L3 int.)0 – V6.6
• Siemens / SCALANCE XR526-8C, 2x230V0 – V6.6
• Siemens / SCALANCE XR526-8C, 2x230V (L3 int.)0 – V6.6
• Siemens / SCALANCE XR528-6M0 – V6.6
• Siemens / SCALANCE XR528-6M (2HR2)0 – V6.6
• Siemens / SCALANCE XR528-6M (2HR2, L3 int.)0 – V6.6
• Siemens / SCALANCE XR528-6M (L3 int.)0 – V6.6
• Siemens / SCALANCE XR552-12M0 – V6.6
• Siemens / SCALANCE XR552-12M (2HR2)0 – V6.6
• Siemens / SCALANCE XR552-12M (2HR2, L3 int.)0 – V6.6
• Siemens / SIPLUS NET SCALANCE XC206-20 – V4.4
• Siemens / SIPLUS NET SCALANCE XC206-2SFP0 – V4.4
• Siemens / SIPLUS NET SCALANCE XC2080 – V4.4
• Siemens / SIPLUS NET SCALANCE XC216-4C0 – V4.4

References

• MISChttps://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf
• MISChttps://cert-portal.siemens.com/productcert/html/ssa-710008.html
• MISChttps://cert-portal.siemens.com/productcert/html/ssa-019200.html