Cross-Site Scripting Vulnerability in SCALANCE M875 by Siemens
CVE-2018-11448

4.8MEDIUM

Key Information:

Vendor: Siemens
Status: Scalance M875
Vendor: CVE Published:; 26 June 2018

What is CVE-2018-11448?

A vulnerability in the SCALANCE M875 web interface could permit a stored Cross-Site Scripting (XSS) attack. If an attacker obtains administrative access, they could manipulate the web interface. Subsequent actions by a legitimate user accessing a malicious link could trigger the execution of harmful code in their browser, exposing them to further risks. It is crucial to remain vigilant about web interface security and ensure users do not access unsecured links.

Affected Version(s)

SCALANCE M875 SCALANCE M875 All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-97742...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2018
Vulnerability Reserved
May 25, 2018