Cross-Site Scripting Vulnerability in Siemens OZW672 and OZW772 Devices
CVE-2016-1488

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Ozw672 Firmware
Vendor: CVE Published:; 30 January 2016

Summary

A cross-site scripting (XSS) vulnerability exists in the login form of the integrated web server on Siemens OZW672 and OZW772 devices prior to version 6.00. This flaw allows remote attackers to inject arbitrary web scripts or HTML through specially crafted URLs, potentially compromising the security of the device and exposing sensitive user information. Organizations using these devices should implement necessary security measures and apply updates to mitigate the risk of exploitation.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01

x_refsource_MISC

http://www.siemens.com/cert/pool/cert/siemens_security_ad...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 30, 2016
Vulnerability Reserved
Jan 4, 2016