Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-4842

Опубликовано: 14 июн. 2018
Источник: nvd
CVSS3: 4.8
CVSS2: 3.5
EPSS Низкий

Описание

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*
Версия до 5.4.1 (исключая)
cpe:2.3:h:siemens:scalance_x200_irt:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:siemens:scalance_x300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:*
Версия до 5.2.3 (исключая)
cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%
0.00198
Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79
CWE-79

Связанные уязвимости

github логотип

GHSA-89f2-v4jr-22cm

CVSS3: 4.8
github
больше 3 лет назад

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.

fstec логотип

BDU:2020-00570

CVSS3: 5.5
fstec
больше 7 лет назад

Уязвимость веб-сервера промышленных коммутаторов Siemens SCALANCE X-200, SCALANCE X-200IRT, SCALANCE X-300, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)

EPSS

Процентиль: 42%
0.00198
Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79
CWE-79