CVE-2022-36325

Description

Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code, leading to a DOM-based XSS.

Category

CVSS 3.1: 6.8
Severity: Medium
EPSS: 0.14%
Vendor Advisory siemens.com
Affected: Siemens RUGGEDCOM RM1224 LTE(4G) EU
Affected: Siemens RUGGEDCOM RM1224 LTE(4G) NAM
Affected: Siemens SCALANCE M804PB
Affected: Siemens SCALANCE M812-1 ADSL-Router (Annex A)
Affected: Siemens SCALANCE M812-1 ADSL-Router (Annex B)
Affected: Siemens SCALANCE M816-1 ADSL-Router (Annex A)
Affected: Siemens SCALANCE M816-1 ADSL-Router (Annex B)
Affected: Siemens SCALANCE M826-2 SHDSL-Router
Affected: Siemens SCALANCE M874-2
Affected: Siemens SCALANCE M874-3
Affected: Siemens SCALANCE M876-3 (EVDO)
Affected: Siemens SCALANCE M876-3 (ROK)
Affected: Siemens SCALANCE M876-4 (EU)
Affected: Siemens SCALANCE M876-4 (NAM)
Affected: Siemens SCALANCE MUM853-1 (EU)
Affected: Siemens SCALANCE MUM856-1 (EU)
Affected: Siemens SCALANCE MUM856-1 (RoW)
Affected: Siemens SCALANCE S615
Affected: Siemens SCALANCE SC622-2C
Affected: Siemens SCALANCE SC626-2C
Affected: Siemens SCALANCE SC632-2C
Affected: Siemens SCALANCE SC636-2C
Affected: Siemens SCALANCE SC642-2C
Affected: Siemens SCALANCE SC646-2C
Affected: Siemens SCALANCE W1748-1 M12
Affected: Siemens SCALANCE W1748-1 M12
Affected: Siemens SCALANCE W1788-1 M12
Affected: Siemens SCALANCE W1788-2 EEC M12
Affected: Siemens SCALANCE W1788-2 M12
Affected: Siemens SCALANCE W1788-2IA M12
Affected: Siemens SCALANCE W721-1 RJ45
Affected: Siemens SCALANCE W721-1 RJ45
Affected: Siemens SCALANCE W722-1 RJ45
Affected: Siemens SCALANCE W722-1 RJ45
Affected: Siemens SCALANCE W722-1 RJ45
Affected: Siemens SCALANCE W734-1 RJ45
Affected: Siemens SCALANCE W734-1 RJ45
Affected: Siemens SCALANCE W734-1 RJ45
Affected: Siemens SCALANCE W734-1 RJ45 (USA)
Affected: Siemens SCALANCE W738-1 M12
Affected: Siemens SCALANCE W738-1 M12
Affected: Siemens SCALANCE W748-1 M12
Affected: Siemens SCALANCE W748-1 M12
Affected: Siemens SCALANCE W748-1 RJ45
Affected: Siemens SCALANCE W748-1 RJ45
Affected: Siemens SCALANCE W761-1 RJ45
Affected: Siemens SCALANCE W761-1 RJ45
Affected: Siemens SCALANCE W774-1 M12 EEC
Affected: Siemens SCALANCE W774-1 M12 EEC
Affected: Siemens SCALANCE W774-1 RJ45
Affected: Siemens SCALANCE W774-1 RJ45
Affected: Siemens SCALANCE W774-1 RJ45
Affected: Siemens SCALANCE W774-1 RJ45
Affected: Siemens SCALANCE W774-1 RJ45 (USA)
Affected: Siemens SCALANCE W778-1 M12
Affected: Siemens SCALANCE W778-1 M12
Affected: Siemens SCALANCE W778-1 M12 EEC
Affected: Siemens SCALANCE W778-1 M12 EEC (USA)
Affected: Siemens SCALANCE W786-1 RJ45
Affected: Siemens SCALANCE W786-1 RJ45
Affected: Siemens SCALANCE W786-2 RJ45
Affected: Siemens SCALANCE W786-2 RJ45
Affected: Siemens SCALANCE W786-2 RJ45
Affected: Siemens SCALANCE W786-2 SFP
Affected: Siemens SCALANCE W786-2 SFP
Affected: Siemens SCALANCE W786-2IA RJ45
Affected: Siemens SCALANCE W786-2IA RJ45
Affected: Siemens SCALANCE W788-1 M12
Affected: Siemens SCALANCE W788-1 M12
Affected: Siemens SCALANCE W788-1 RJ45
Affected: Siemens SCALANCE W788-1 RJ45
Affected: Siemens SCALANCE W788-2 M12
Affected: Siemens SCALANCE W788-2 M12
Affected: Siemens SCALANCE W788-2 M12 EEC
Affected: Siemens SCALANCE W788-2 M12 EEC
Affected: Siemens SCALANCE W788-2 M12 EEC
Affected: Siemens SCALANCE W788-2 RJ45
Affected: Siemens SCALANCE W788-2 RJ45
Affected: Siemens SCALANCE W788-2 RJ45
Affected: Siemens SCALANCE WAM763-1
Affected: Siemens SCALANCE WAM766-1 (EU)
Affected: Siemens SCALANCE WAM766-1 (US)
Affected: Siemens SCALANCE WAM766-1 EEC (EU)
Affected: Siemens SCALANCE WAM766-1 EEC (US)
Affected: Siemens SCALANCE WUM763-1
Affected: Siemens SCALANCE WUM763-1
Affected: Siemens SCALANCE WUM766-1 (EU)
Affected: Siemens SCALANCE WUM766-1 (US)
Affected: Siemens SCALANCE XB205-3 (SC, PN)
Affected: Siemens SCALANCE XB205-3 (ST, E/IP)
Affected: Siemens SCALANCE XB205-3 (ST, E/IP)
Affected: Siemens SCALANCE XB205-3 (ST, PN)
Affected: Siemens SCALANCE XB205-3LD (SC, E/IP)
Affected: Siemens SCALANCE XB205-3LD (SC, PN)
Affected: Siemens SCALANCE XB208 (E/IP)
Affected: Siemens SCALANCE XB208 (PN)
Affected: Siemens SCALANCE XB213-3 (SC, E/IP)
Affected: Siemens SCALANCE XB213-3 (SC, PN)
Affected: Siemens SCALANCE XB213-3 (ST, E/IP)
Affected: Siemens SCALANCE XB213-3 (ST, PN)
Affected: Siemens SCALANCE XB213-3LD (SC, E/IP)
Affected: Siemens SCALANCE XB213-3LD (SC, PN)
Affected: Siemens SCALANCE XB216 (E/IP)
Affected: Siemens SCALANCE XB216 (PN)
Affected: Siemens SCALANCE XC206-2 (SC)
Affected: Siemens SCALANCE XC206-2 (ST/BFOC)
Affected: Siemens SCALANCE XC206-2G PoE
Affected: Siemens SCALANCE XC206-2G PoE (54 V DC)
Affected: Siemens SCALANCE XC206-2G PoE EEC (54 V DC)
Affected: Siemens SCALANCE XC206-2SFP
Affected: Siemens SCALANCE XC206-2SFP EEC
Affected: Siemens SCALANCE XC206-2SFP G
Affected: Siemens SCALANCE XC206-2SFP G (EIP DEF.)
Affected: Siemens SCALANCE XC206-2SFP G EEC
Affected: Siemens SCALANCE XC208
Affected: Siemens SCALANCE XC208EEC
Affected: Siemens SCALANCE XC208G
Affected: Siemens SCALANCE XC208G (EIP def.)
Affected: Siemens SCALANCE XC208G EEC
Affected: Siemens SCALANCE XC208G PoE
Affected: Siemens SCALANCE XC208G PoE (54 V DC)
Affected: Siemens SCALANCE XC216
Affected: Siemens SCALANCE XC216-3G PoE
Affected: Siemens SCALANCE XC216-3G PoE (54 V DC)
Affected: Siemens SCALANCE XC216-4C
Affected: Siemens SCALANCE XC216-4C G
Affected: Siemens SCALANCE XC216-4C G (EIP Def.)
Affected: Siemens SCALANCE XC216-4C G EEC
Affected: Siemens SCALANCE XC216EEC
Affected: Siemens SCALANCE XC224
Affected: Siemens SCALANCE XC224-4C G
Affected: Siemens SCALANCE XC224-4C G (EIP Def.)
Affected: Siemens SCALANCE XC224-4C G EEC
Affected: Siemens SCALANCE XF204
Affected: Siemens SCALANCE XF204 DNA
Affected: Siemens SCALANCE XF204-2BA
Affected: Siemens SCALANCE XF204-2BA DNA
Affected: Siemens SCALANCE XM408-4C
Affected: Siemens SCALANCE XM408-4C (L3 int.)
Affected: Siemens SCALANCE XM408-8C
Affected: Siemens SCALANCE XM408-8C (L3 int.)
Affected: Siemens SCALANCE XM416-4C
Affected: Siemens SCALANCE XM416-4C (L3 int.)
Affected: Siemens SCALANCE XP208
Affected: Siemens SCALANCE XP208 (Ethernet/IP)
Affected: Siemens SCALANCE XP208EEC
Affected: Siemens SCALANCE XP208PoE EEC
Affected: Siemens SCALANCE XP216
Affected: Siemens SCALANCE XP216 (Ethernet/IP)
Affected: Siemens SCALANCE XP216EEC
Affected: Siemens SCALANCE XP216POE EEC
Affected: Siemens SCALANCE XR324WG (24 x FE, AC 230V)
Affected: Siemens SCALANCE XR324WG (24 X FE, DC 24V)
Affected: Siemens SCALANCE XR326-2C PoE WG
Affected: Siemens SCALANCE XR326-2C PoE WG (without UL)
Affected: Siemens SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)
Affected: Siemens SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)
Affected: Siemens SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)
Affected: Siemens SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)
Affected: Siemens SCALANCE XR328-4C WG (28xGE, AC 230V)
Affected: Siemens SCALANCE XR328-4C WG (28xGE, DC 24V)
Affected: Siemens SCALANCE XR524-8C, 1x230V
Affected: Siemens SCALANCE XR524-8C, 1x230V (L3 int.)
Affected: Siemens SCALANCE XR524-8C, 24V
Affected: Siemens SCALANCE XR524-8C, 24V (L3 int.)
Affected: Siemens SCALANCE XR524-8C, 2x230V
Affected: Siemens SCALANCE XR524-8C, 2x230V (L3 int.)
Affected: Siemens SCALANCE XR526-8C, 1x230V
Affected: Siemens SCALANCE XR526-8C, 1x230V (L3 int.)
Affected: Siemens SCALANCE XR526-8C, 24V
Affected: Siemens SCALANCE XR526-8C, 24V (L3 int.)
Affected: Siemens SCALANCE XR526-8C, 2x230V
Affected: Siemens SCALANCE XR526-8C, 2x230V (L3 int.)
Affected: Siemens SCALANCE XR528-6M
Affected: Siemens SCALANCE XR528-6M (2HR2, L3 int.)
Affected: Siemens SCALANCE XR528-6M (2HR2)
Affected: Siemens SCALANCE XR528-6M (L3 int.)
Affected: Siemens SCALANCE XR552-12M
Affected: Siemens SCALANCE XR552-12M (2HR2, L3 int.)
Affected: Siemens SCALANCE XR552-12M (2HR2)
Affected: Siemens SCALANCE XR552-12M (2HR2)
Affected: Siemens SIPLUS NET SCALANCE XC206-2
Affected: Siemens SIPLUS NET SCALANCE XC206-2SFP
Affected: Siemens SIPLUS NET SCALANCE XC208
Affected: Siemens SIPLUS NET SCALANCE XC216-4C
Frequently Asked Questions

What is the severity of CVE-2022-36325?
CVE-2022-36325 has been scored as a medium severity vulnerability.
How to fix CVE-2022-36325?
To fix CVE-2022-36325, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2022-36325 being actively exploited in the wild?
For now, there is no information to confirm that CVE-2022-36325 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-36325?
CVE-2022-36325 affects the Siemens RUGGEDCOM RM1224, SCALANCE and SIPLUS NET SCALANCE devices named in the "Affected" entries above.