PatchSiren cyber security CVE debrief
CVE-2022-36325 Siemens CVE debrief
CVE-2022-36325 is a medium-severity DOM-based XSS affecting multiple Siemens SCALANCE wireless device models listed in the advisory. The issue is caused by improper sanitization of user-controlled data when rendering the web interface, which can let an authenticated remote attacker with administrative privileges inject code into the browser context. CISA published the advisory as ICSA-26-111-07 and republished Siemens ProductCERT advisory SSA-019200; the supplied remediation is to update to V6.6.0 or later.
- Vendor: Siemens
- Product: SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0)
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-14
- Original CVE updated: 2026-04-21
- Advisory published: 2026-04-14
- Advisory updated: 2026-04-21
Who should care
Administrators and operators of affected Siemens SCALANCE devices, OT/ICS security teams, and network teams that use the device web interface for management. Organizations that allow privileged web-based administration should treat this as relevant because exploitation requires administrative access and user interaction.
Technical summary
The advisory states that affected devices do not properly sanitize user-supplied data when rendering the web interface. That creates a DOM-based cross-site scripting condition in which attacker-controlled content can be interpreted by the browser as script in the management UI. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C, indicating network reachability, high privileges required, user interaction required, and high potential impact.
Defensive priority
Medium priority overall, with higher urgency if the device web interface is exposed beyond a tightly controlled admin network or if privileged browser-based administration is common in your environment.
Recommended defensive actions
- Update affected devices to V6.6.0 or later, as directed by Siemens.
- Confirm whether any deployed devices match the affected SCALANCE models and firmware range in the advisory.
- Restrict web management access to trusted administrative networks and least-privilege accounts.
- Apply ICS defense-in-depth and segmentation guidance from CISA recommended practices.
- Review management workflows for unnecessary user interaction with privileged web pages until remediation is complete.
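The second action above, confirming which deployed devices still need the update, is where inventories usually go wrong: firmware strings are compared lexically and a V6.10.x unit sorts below V6.6.0. The following added example (not Siemens tooling) parses SCALANCE-style version strings numerically and flags inventory rows that carry the order number listed in this debrief and run anything below V6.6.0. The inventory rows are constructed, the `6GK5000-0XX00-0XX0` entry is a placeholder order number, and the affected set contains only the model this page names; extend it from the full advisory list.

```python
"""Flag inventory entries that still need the V6.6.0 update named in the advisory.

Added example, not vendor tooling. INVENTORY is constructed sample data; the
order number 6GK5721-1FC00-0AA0 is the one listed in the debrief, and the
placeholder 6GK5000-0XX00-0XX0 stands in for an unaffected device.
"""
import re

FIXED_VERSION = "V6.6.0"
# Only the model named on this page; populate from the full advisory product list.
AFFECTED_ORDER_NUMBERS = {"6GK5721-1FC00-0AA0"}

_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Parse 'V6.5.2' into (6, 5, 2); reject anything else so typos are not silently skipped."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError("unrecognised firmware version %r" % text)
    return tuple(int(part) for part in match.groups())


def needs_update(order_number, firmware):
    """True when the device is an affected model running firmware below the fixed version."""
    if order_number not in AFFECTED_ORDER_NUMBERS:
        return False
    return parse_version(firmware) < parse_version(FIXED_VERSION)


# Constructed inventory: (hostname, order number, firmware version).
INVENTORY = [
    ("ap-hall-01", "6GK5721-1FC00-0AA0", "V6.5.1"),   # below fix -> flag
    ("ap-hall-02", "6GK5721-1FC00-0AA0", "V6.6.0"),   # at fix -> ok
    ("ap-yard-03", "6GK5721-1FC00-0AA0", "V6.10.0"),  # lexically < "V6.6.0", numerically newer -> ok
    ("sw-core-01", "6GK5000-0XX00-0XX0", "V6.0.0"),   # placeholder order number, not affected -> ok
]


def outstanding(inventory=INVENTORY):
    """Hostnames that still need the update, in inventory order."""
    return [host for host, order, firmware in inventory if needs_update(order, firmware)]


if __name__ == "__main__":
    for host in outstanding():
        print("needs update to %s: %s" % (FIXED_VERSION, host))
```

Feed it an export from whatever asset inventory tracks the SCALANCE fleet; a parse error on a row is deliberate, since an unparseable firmware field should be investigated rather than counted as patched.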
Evidence notes
The source corpus states: improper sanitization of user-introduced data in the web interface can allow an authenticated remote attacker with administrative privileges to inject code and cause DOM-based XSS. The advisory is CISA ICSA-26-111-07, republished from Siemens ProductCERT SSA-019200, with publishedAt 2026-04-14 and modifiedAt 2026-04-21. The supplied CVSS vector includes PR:H and UI:R, supporting the need for administrative privileges and user interaction. Remediation in the corpus is V6.6.0 or later.
Official resources
- CVE-2022-36325 CVE record (CVE.org)
- CVE-2022-36325 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
CVE-2022-36325 was publicly disclosed in CISA advisory ICSA-26-111-07 on 2026-04-14 and republished on 2026-04-21 from Siemens ProductCERT advisory SSA-019200.