CVE-2022-36325

Name: CVE-2022-36325
Creator: NVD / NIST
Published: 2022-08-10T12:15:12.997+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.8/10EPSS 0.79%

Last modified Jun 17, 2026

CVE-2022-36325 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.. EPSS estimates a 0.79% chance of exploitation in the next 30 days.

Description

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

Metrics

CVSS 3.1

4.8/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

0.79%

51.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-80

Affected Software

Vendor	Product	Versions
Siemens	Scalance M-800 Firmware	All versions
Siemens	Scalance S615 Firmware	All versions
Siemens	Scalance Sc-600 Firmware	< 2.3.1
Siemens	Scalance Sc622-2c Firmware	< 2.3.1
Siemens	Scalance Sc632-2c Firmware	< 2.3.1
Siemens	Scalance Sc636-2c Firmware	< 2.3.1
Siemens	Scalance Sc642-2c Firmware	< 2.3.1
Siemens	Scalance Sc646-2c Firmware	< 2.3.1
Siemens	Scalance W700 Ieee 802.11ax Firmware	All versions
Siemens	Scalance W700 Ieee 802.11n Firmware	All versions
Siemens	Scalance W700 Ieee 802.11ac Firmware	All versions
Siemens	Scalance Xb-200 Firmware	All versions
Siemens	Scalance Xb205-3 Firmware	All versions
Siemens	Scalance Xb205-3ld Firmware	All versions
Siemens	Scalance Xb208 Firmware	All versions
Siemens	Scalance Xb213-3 Firmware	All versions
Siemens	Scalance Xb213-3ld Firmware	All versions
Siemens	Scalance Xb216 Firmware	All versions
Siemens	Scalance Xc-200 Firmware	All versions
Siemens	Scalance Xc206-2 Firmware	All versions
Siemens	Scalance Xc206-2g Poe Firmware	All versions
Siemens	Scalance Xc206-2g Poe Eec Firmware	All versions
Siemens	Scalance Xc206-2sfp Eec Firmware	All versions
Siemens	Scalance Xc206-2sfp G Firmware	All versions
Siemens	Scalance Xc206-2sfp G \(E\/Ip\) Firmware	All versions
Siemens	Scalance Xc206-2sfp G Eec Firmware	All versions
Siemens	Scalance Xc208 Firmware	All versions
Siemens	Scalance Xc208eec Firmware	All versions
Siemens	Scalance Xc208g Firmware	All versions
Siemens	Scalance Xc208g \(E\/Ip\) Firmware	All versions
Siemens	Scalance Xc208g Eec Firmware	All versions
Siemens	Scalance Xc208g Poe Firmware	All versions
Siemens	Scalance Xc216 Firmware	All versions
Siemens	Scalance Xc216-4c Firmware	All versions
Siemens	Scalance Xc216-4c G Firmware	All versions
Siemens	Scalance Xc216-4c G \(E\/Ip\) Firmware	All versions
Siemens	Scalance Xc216-4c G Eec Firmware	All versions
Siemens	Scalance Xc216eec Firmware	All versions
Siemens	Scalance Xc224 Firmware	All versions
Siemens	Scalance Xc224-4c G Firmware	All versions
Siemens	Scalance Xc224-4c G \(E\/Ip\) Firmware	All versions
Siemens	Scalance Xc224-4c G Eec Firmware	All versions
Siemens	Scalance Xf-200ba Firmware	All versions
Siemens	Scalance Xf204-2ba Dna Firmware	All versions
Siemens	Scalance Xf204-2ba Irt Firmware	All versions
Siemens	Scalance Xm400 Firmware	All versions
Siemens	Scalance Xm408-4c Firmware	All versions
Siemens	Scalance Xm408-4c L3 Firmware	All versions
Siemens	Scalance Xm408-8c Firmware	All versions
Siemens	Scalance Xm408-8c L3 Firmware	All versions

Showing 50 of 90 affected configurations. See NVD for the full list.

References

https://cert-portal.siemens.com/productcert/html/ssa-019200.html
https://cert-portal.siemens.com/productcert/html/ssa-710008.html
https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdfMitigation, Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdfMitigation, Vendor Advisory

Timeline

Published: Aug 10, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-36325?

How severe is CVE-2022-36325?

CVE-2022-36325 has a CVSS score of 4.8/10 (MEDIUM severity). The EPSS model estimates a 0.79% probability of exploitation in the next 30 days.

How do I fix CVE-2022-36325?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-36325?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST