SSA-693776 — Vulnetix

Try Vulnetix Request Demo

SSA-693776 PUBLISHED CVSS 6.5 MEDIUM

The "Load Rollback" functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to make the affected product roll back configuration changes made by privileged users.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Siemens	SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
Siemens	SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
Siemens	SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
Siemens	SCALANCE XCM332 (6GK5332-0GA01-2AC2)
Siemens	SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
Siemens	SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
Siemens	SCALANCE XCM328 (6GK5328-4TS01-2AC2)
Siemens	SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
Siemens	SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
Siemens	SCALANCE XCM324 (6GK5324-8TS01-2AC2)
Siemens	SCALANCE XCH328 (6GK5328-4TS01-2EC2)
Siemens	SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
Siemens	SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Siemens	RUGGEDCOM RST2428P (6GK6242-6PA00)
Siemens	SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)

Timeline

Jun 10, 2025 CVE Published
Jan 13, 2026 CVE Updated

References

Open in Interactive Console →