CVE-2022-46354: CWE-284: Improper Access Control in Siemens SCALANCE X204RNA (HSR)

Severity: Medium
Published: Tue Dec 13 2022 (12/13/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Siemens
Product: SCALANCE X204RNA (HSR)

Description

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected device is missing specific security headers. This could allow a remote attacker to extract confidential session information under certain circumstances.

AI-Powered Analysis

Last updated: 06/21/2025, 18:21:36 UTC

Technical Analysis

CVE-2022-46354 is a medium-severity vulnerability affecting multiple versions of Siemens SCALANCE X204RNA devices, specifically those running versions prior to V3.2.7. The affected models include SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), and SCALANCE X204RNA EEC (PRP/HSR). These devices are industrial network components used primarily in high-availability and redundancy protocols such as High-availability Seamless Redundancy (HSR) and Parallel Redundancy Protocol (PRP), which are critical in industrial automation and control systems. The vulnerability arises from the webserver embedded in these devices lacking specific security headers, which are essential for enforcing proper access control and protecting session information. This omission can allow a remote attacker to extract confidential session data under certain conditions, potentially leading to unauthorized access or information disclosure. The CVSS 3.1 base score is 5.3, reflecting a network attack vector with low complexity, no privileges required, and no user interaction needed. The impact is limited to confidentiality loss without affecting integrity or availability. No known exploits have been reported in the wild, and Siemens has not yet published official patches, though the vulnerability was reserved and disclosed in late 2022. The CWE classification is CWE-284, indicating improper access control, which suggests that the webserver does not adequately restrict access to sensitive session information, possibly due to missing HTTP security headers like Strict-Transport-Security, Content-Security-Policy, or others that prevent session hijacking or information leakage.

Potential Impact

For European organizations, especially those operating critical infrastructure, manufacturing plants, or industrial automation environments, this vulnerability poses a moderate risk. Siemens SCALANCE devices are widely deployed in European industrial sectors such as automotive manufacturing, energy distribution, and transportation systems. Exploitation could allow attackers to remotely obtain session information, potentially enabling further unauthorized access or reconnaissance within industrial networks. While the vulnerability does not directly impact system integrity or availability, the confidentiality breach could facilitate lateral movement or targeted attacks on critical systems. Given the strategic importance of industrial control systems in Europe’s economy and infrastructure, even a medium-severity vulnerability warrants attention. The lack of required privileges or user interaction lowers the barrier for exploitation, increasing the likelihood that opportunistic attackers could leverage this weakness if exposed to untrusted networks. However, the absence of known exploits and the need for specific conditions to extract session data somewhat mitigates immediate risk.

Mitigation Recommendations

1. Upgrade all affected Siemens SCALANCE X204RNA devices to version V3.2.7 or later as soon as Siemens releases the patch addressing this vulnerability.
2. In the interim, restrict access to the device webserver interfaces by implementing network segmentation and firewall rules that limit management interface exposure to trusted internal networks only.
3. Employ network monitoring to detect unusual access patterns or attempts to access the webserver interfaces remotely.
4. Use VPNs or secure tunnels for remote management to add an additional layer of authentication and encryption.
5. Review and harden device configurations to disable unnecessary services and ensure that default credentials are changed.
6. If possible, implement compensating controls such as web application firewalls (WAFs) that can enforce missing security headers or block suspicious HTTP requests targeting the device webserver.
7. Conduct regular security audits and penetration tests focusing on industrial network components to identify and remediate similar access control weaknesses proactively.
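
An inventory triage for recommendations 1 and 6, added here as an example and not taken from Siemens or from this database: it flags devices whose model and firmware fall in the affected range and lists which of the two headers named in the analysis are absent from a saved management-interface response. The hostnames and responses are constructed sample data, and the header list is an assumption because the advisory does not say exactly which headers are missing.

```python
import re

# Affected models and fixed version, taken from the advisory description.
AFFECTED_MODELS = {
    "SCALANCE X204RNA (HSR)", "SCALANCE X204RNA (PRP)",
    "SCALANCE X204RNA EEC (HSR)", "SCALANCE X204RNA EEC (PRP)",
    "SCALANCE X204RNA EEC (PRP/HSR)",
}
FIXED_VERSION = (3, 2, 7)
# Assumption: only the two headers the analysis names; the advisory gives no exact list.
CHECKED_HEADERS = ("strict-transport-security", "content-security-policy")

def parse_version(text):
    """Turn 'V3.2.6' or '3.2' into a comparable tuple such as (3, 2, 6)."""
    match = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad 'V3.2' to (3, 2, 0)

def is_affected(model, firmware):
    """True when the model is listed and the firmware is below V3.2.7."""
    return model in AFFECTED_MODELS and parse_version(firmware) < FIXED_VERSION

def missing_headers(raw_response):
    """Return the checked headers absent from a raw HTTP response head."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    present = set()
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, _ = line.partition(":")
        if sep:
            present.add(name.strip().lower())
    return [h for h in CHECKED_HEADERS if h not in present]

def triage(inventory):
    """Return (name, needs_upgrade, missing_headers) rows, upgrades first."""
    rows = [(name, is_affected(model, fw), missing_headers(resp))
            for name, model, fw, resp in inventory]
    return sorted(rows, key=lambda r: (not r[1], r[0]))

# Constructed sample data: hostnames and responses are illustrative, not device output.
SAMPLE_INVENTORY = [
    ("ring-sw-02", "SCALANCE X204RNA EEC (PRP)", "V3.2.7",
     "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n"
     "Content-Security-Policy: default-src 'self'\r\n\r\n<html></html>"),
    ("ring-sw-01", "SCALANCE X204RNA (HSR)", "V3.2.6",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"),
]
```

Calling triage(SAMPLE_INVENTORY) lists ring-sw-01 first as needing the upgrade. The firmware comparison is the authoritative check; the header result only indicates where a compensating proxy or WAF rule would have something to add.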

Technical Details

Data Version: 5.1
Assigner Short Name: siemens
Date Reserved: 2022-11-30T00:00:00.000Z
Cisa Enriched: true

Threat ID: 682d984ac4522896dcbf73c4

Added to database: 5/21/2025, 9:09:30 AM

Last enriched: 6/21/2025, 6:21:36 PM

Last updated: 8/12/2025, 12:57:21 AM
