SiemensCVE-2020-15781CVE-2020-15781
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
51.2%
A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | sicam_a8000 | - | cpe:2.3:h:siemens:sicam_a8000:-:*:*:*:*:*:*:* |
| siemens | sicam_a8000_firmware | * | cpe:2.3:o:siemens:sicam_a8000_firmware:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "SICAM WEB firmware for SICAM A8000 RTUs",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions < V05.30"
}
]
}
]Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
51.2%