CVE-2022-36323
https://notcve.org/view.php?id=CVE-2022-36323
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Los dispositivos afectados no sanean correctamente un campo de entrada. Esto podría permitir a un atacante remoto autenticado con privilegios administrativos inyectar código o generar un shell de raíz del sistema • https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2021-37182
https://notcve.org/view.php?id=CVE-2021-37182
A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) • https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf • CWE-354: Improper Validation of Integrity Check Value •