Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-2248

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Mar, 2014 | 10:00
Updated At-06 Aug, 2024 | 10:06
Rejected At-
Credits

Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Mar, 2014 | 10:00
Updated At:06 Aug, 2024 | 10:06
Rejected At:
▼CVE Numbering Authority (CNA)

Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
x_refsource_CONFIRM
http://www.securityfocus.com/bid/66190
vdb-entry
x_refsource_BID
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
x_refsource_CONFIRM
Hyperlink: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/66190
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
Resource:
x_refsource_MISC
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/66190
vdb-entry
x_refsource_BID
x_transferred
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
x_refsource_MISC
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/66190
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Mar, 2014 | 14:06
Updated At:12 Apr, 2025 | 10:46

Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Siemens AG
siemens
>>simatic_s7-1500_cpu_firmware>>Versions up to 1.1.2(inclusive)
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_s7-1500_cpu_firmware>>1.0.1
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.0.1:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_s7-1500_cpu_firmware>>1.1.0
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.1.0:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_s7-1500_cpu_firmware>>1.1.1
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.1.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
CWE-601: URL Redirection to Untrusted Site (“Open Redirect”)
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01cve@mitre.org
US Government Resource
http://www.securityfocus.com/bid/66190cve@mitre.org
N/A
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdfcve@mitre.org
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdfcve@mitre.org
N/A
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.securityfocus.com/bid/66190af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdfaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/66190
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/66190
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

59Records found
CVE-2019-19293
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 61.66%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:16
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface.

Action-Not Available
Vendor-Siemens AG
Product-sinvr_3_video_serversinvr_3_central_control_serverControl Center Server (CCS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-13924
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 50.37%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 00:00
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xp-200_firmwarescalance_xc-200_firmwarescalance_xb-200scalance_xr-300wg_firmwarescalance_xr-300wgscalance_xp-200scalance_x-200irt_firmwarescalance_xr-300scalance_x-300scalance_x-200irtscalance_xb-200_firmwarescalance_x-300_firmwarescalance_xf-200scalance_xf-200_firmwarescalance_xc-200scalance_xr-300_firmwareSCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)SCALANCE S623SCALANCE S627-2MSCALANCE X-200 switch family (incl. SIPLUS NET variants)SCALANCE X-200RNA switch familySCALANCE S602SCALANCE S612SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2019-13923
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.6||CRITICAL
EPSS-0.50% / 64.75%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 16:38
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.

Action-Not Available
Vendor-Siemens AG
Product-ie\/wsn-pa_link_wirelesshart_gateway_firmwareie\/wsn-pa_link_wirelesshart_gatewayIE/WSN-PA Link WirelessHART Gateway
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-13943
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 53.59%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security. vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-en100_ethernet_module_with_firmware_variant_profinet_ioen100_ethernet_module_with_firmware_variant_modbus_tcpen100_ethernet_module_with_firmware_variant_iec_61850en100_ethernet_module_with_firmware_variant_dnp3_tcpen100_ethernet_module_with_firmware_variant_iec104en100_ethernet_moduleEN100 Ethernet module PROFINET IO variantEN100 Ethernet module DNP3 variantEN100 Ethernet module IEC104 variantEN100 Ethernet module Modbus TCP variantEN100 Ethernet module IEC 61850 variant
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10929
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-13 Aug, 2019 | 18:55
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.

Action-Not Available
Vendor-Siemens AG
Product-simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmwaresimatic_s7-1200_cpu_1214csimatic_winccsimatic_s7-1500_cpu_1511csimatic_wincc_open_architecturesimatic_s7-1200_cpu_1212csimatic_s7-1500simatic_cp_1626simatic_wincc_runtimesimatic_tim_1531_irc_firmwaresimatic_s7-1500_cpu_1511c_firmwaresimatic_s7-1200_cpu_1217csimatic_hmi_panel_firmwaresimatic_s7-1500_cpu_1512c_firmwaresimatic_s7-1200_cpu_1215c_firmwaresimatic_hmi_panelsimatic_step_7simatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_tim_1531_ircsimatic_s7-1200_cpu_1215csimatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1518simatic_et_200sp_open_controller_cpu_1515sp_pc_firmwaresimatic_net_pcsimatic_s7-1500_cpu_1512csimatic_cp_1626_firmwaresimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1518_firmwaresimatic_et_200sp_open_controller_cpu_1515sp_pcsimatic_s7-1200_cpu_1211c_firmwaresimatic_et_200sp_open_controller_cpu_1515sp_pc2SIMATIC NET PC Software V14SIMATIC WinCC Runtime AdvancedSIMATIC NET PC Software V15TIM 1531 IRC (incl. SIPLUS NET variants)SIMATIC WinCC OASIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)SIMATIC CP 1626SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)SIMATIC STEP 7 (TIA Portal)SIMATIC HMI Panel (incl. SIPLUS variants)SIMATIC S7-1500 Software ControllerSIMATIC WinCC (TIA Portal)SIMATIC WinCC Runtime ProfessionalSIMATIC S7-PLCSIM Advanced
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-10933
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 54.13%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 21:17
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed.At the stage of publishing this security advisory no public exploitation is known.

Action-Not Available
Vendor-Siemens AG
Product-spectrum_power_3spectrum_power_5spectrum_power_4spectrum_power_7Spectrum Power 5 (Corporate User Interface)Spectrum Power 3 (Corporate User Interface)Spectrum Power 4 (Corporate User Interface)Spectrum Power 7 (Corporate User Interface)
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-4174
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.31% / 78.94%
||
7 Day CHG~0.00%
Published-28 Jun, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Action-Not Available
Vendor-n/aSiemens AG
Product-climatix_bacnet\/ipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-12740
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-26 Dec, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.

Action-Not Available
Vendor-n/aSiemens AG
Product-logo\!_soft_comfortSiemens LOGO! Soft Comfort (All versions before V8.2)
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2019-6585
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.1||MEDIUM
EPSS-0.48% / 64.14%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:16
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed.

Action-Not Available
Vendor-Siemens AG
Product-scalance_s623scalance_s612_firmwarescalance_s627-2m_firmwarescalance_s602scalance_s627-2mscalance_s602_firmwarescalance_s612scalance_s623_firmwareSCALANCE S627-2MSCALANCE S623SCALANCE S602SCALANCE S612
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • Next
Details not found