Lucene search

SiemensCVE-2019-10933

HistoryJul 11, 2019 - 10:15 p.m.

CVE-2019-10933

2019-07-1122:15:11

CWE-80

CWE-79

siemens

web.nvd.nist.gov

231

cve-2019-10933

spectrum power

cross-site scripting

xss

information security

web server security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed.At the stage of publishing this security advisory no public exploitation is known.

Affected configurations

Nvd

Node

siemensspectrum_power_3Range≤3.11

siemensspectrum_power_4Range≤4.75

siemensspectrum_power_5Range≤5.50

siemensspectrum_power_7Range≤2.20

VendorProductVersionCPE
siemensspectrum_power_3*cpe:2.3:a:siemens:spectrum_power_3:*:*:*:*:*:*:*:*
siemensspectrum_power_4*cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*
siemensspectrum_power_5*cpe:2.3:a:siemens:spectrum_power_5:*:*:*:*:*:*:*:*
siemensspectrum_power_7*cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	spectrum_power_3	*	cpe:2.3:a:siemens:spectrum_power_3::::::::
siemens	spectrum_power_4	*	cpe:2.3:a:siemens:spectrum_power_4::::::::
siemens	spectrum_power_5	*	cpe:2.3:a:siemens:spectrum_power_5::::::::
siemens	spectrum_power_7	*	cpe:2.3:a:siemens:spectrum_power_7::::::::

CNA Affected

[
  {
    "product": "Spectrum Power 3 (Corporate User Interface)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= v3.11"
      }
    ]
  },
  {
    "product": "Spectrum Power 4 (Corporate User Interface)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "Version v4.75"
      }
    ]
  },
  {
    "product": "Spectrum Power 5 (Corporate User Interface)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < v5.50"
      }
    ]
  },
  {
    "product": "Spectrum Power 7 (Corporate User Interface)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= v2.20"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

Related for CVE-2019-10933