CVE-2016-1488

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Ozw672 Firmware
Vendor: CVE Published:; 30 January 2016

Summary

Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01

x_refsource_MISC

http://www.siemens.com/cert/pool/cert/siemens_security_ad...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 30, 2016
Vulnerability Reserved
Jan 4, 2016