SSA-693776

SSA-693776 PUBLISHED CVSS 6.5 MEDIUM

The "Load Rollback" functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to make the affected product roll back configuration changes made by privileged users.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Siemens | SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) | |
| Siemens | SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) | |
| Siemens | SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) | |
| Siemens | SCALANCE XCM332 (6GK5332-0GA01-2AC2) | |
| Siemens | SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) | |
| Siemens | SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) | |
| Siemens | SCALANCE XCM328 (6GK5328-4TS01-2AC2) | |
| Siemens | SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) | |
| Siemens | SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) | |
| Siemens | SCALANCE XCM324 (6GK5324-8TS01-2AC2) | |
| Siemens | SCALANCE XCH328 (6GK5328-4TS01-2EC2) | |
| Siemens | SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) | |
| Siemens | SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) | |
| Siemens | RUGGEDCOM RST2428P (6GK6242-6PA00) | |
| Siemens | SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) | |

Timeline

  • Jun 10, 2025 CVE Published
  • Jan 13, 2026 CVE Updated