SSA-633269

SSA-633269 PUBLISHED CVSS 4.3 MEDIUM

Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to invoke an internal "do system" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log.

Risk Scores

CVSS 3.1
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Siemens | SCALANCE XR302-32 (6GK5334-5TS00-3AR3) | |
| Siemens | SCALANCE XCH328 (6GK5328-4TS01-2EC2) | |
| Siemens | SCALANCE XR322-12 (6GK5334-3TS00-3AR3) | |
| Siemens | SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) | |
| Siemens | SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) | |
| Siemens | SCALANCE XR302-32 (6GK5334-5TS00-4AR3) | |
| Siemens | SCALANCE XR502-32 (6GK5534-5TR00-4AR3) | |
| Siemens | SCALANCE XR526-8 (6GK5534-2TR00-4AR3) | |
| Siemens | SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) | |
| Siemens | SCALANCE XR326-8 (6GK5334-2TS00-3AR3) | |
| Siemens | SCALANCE XR502-32 (6GK5534-5TR00-3AR3) | |
| Siemens | SCALANCE XR322-12 (6GK5334-3TS00-4AR3) | |
| Siemens | SCALANCE XR522-12 (6GK5534-3TR00-2AR3) | |
| Siemens | SCALANCE XR526-8 (6GK5534-2TR00-3AR3) | |
| Siemens | SCALANCE XR522-12 (6GK5534-3TR00-4AR3) | |
| Siemens | SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) | |
| Siemens | SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) | |
| Siemens | SCALANCE XR322-12 (6GK5334-3TS00-2AR3) | |
| Siemens | SCALANCE XC332 (6GK5332-0GA00-2AC2) | |
| Siemens | SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) | |

…and 21 more

Timeline

  • Jun 10, 2025 CVE Published