Lucene search

SiemensCVELIST:CVE-2019-19294

HistoryMar 10, 2020 - 7:16 p.m.

CVE-2019-19294

2020-03-1019:16:17

CWE-79

siemens

www.cve.org

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N/E:P/RL:U/RC:C

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

32.1%

JSON

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains
multiple stored Cross-site Scripting (XSS) vulnerabilities in several input
fields.
This could allow an authenticated remote attacker to inject malicious
JavaScript code into the CCS web application that is later executed
in the browser context of any other user who views the relevant CCS
web content.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Control Center Server (CCS)",
    "versions": [
      {
        "version": "All versions < V1.5.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N/E:P/RL:U/RC:C

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

32.1%

JSON

Related for CVELIST:CVE-2019-19294