CVE-2022-36325
https://notcve.org/view.php?id=CVE-2022-36325
Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. • https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2022-36324
https://notcve.org/view.php?id=CVE-2022-36324
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. • https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-36323
https://notcve.org/view.php?id=CVE-2022-36323
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. • https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2021-37182
https://notcve.org/view.php?id=CVE-2021-37182
A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) • https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf • CWE-354: Improper Validation of Integrity Check Value •