A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.
References
| Link | Resource |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf | Vendor Advisory |
| http://www.securityfocus.com/bid/105937 | Third Party Advisory VDB Entry |
Advertisement
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Information
Published : 2018-12-13 08:29
Updated : 2019-10-09 16:36
NVD link : CVE-2018-16555
Mitre link : CVE-2018-16555
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Advertisement
Products Affected
siemens
- scalance_s627-2m_firmware
- scalance_s602_firmware
- scalance_s612_firmware
- scalance_s623
- scalance_s623_firmware
- scalance_s612
- scalance_s627-2m
- scalance_s602