CVE-2017-6866

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Xhq 4 (all Versions Before V4.7.1.3), Xhq 5 (all Versions Before V5.0.0.2)
Vendor: CVE Published:; 7 August 2017

Summary

A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.

Affected Version(s)

XHQ 4 (All before V4.7.1.3), XHQ 5 (All before V5.0.0.2) XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)

References

http://www.securityfocus.com/bid/99247

vdb-entryx_refsource_BID

https://www.siemens.com/cert/pool/cert/siemens_security_a...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 7, 2017
Vulnerability Reserved
Mar 13, 2017