Clickjacking Vulnerability in SCALANCE Switch Family by Siemens
CVE-2019-13924
5.4 MEDIUM
Key Information:
- Vendor: Siemens
- CVE Published: 11 February 2020
Summary
A vulnerability exists in various SCALANCE switch products where the administrative web interface omits the X-Frame-Options header. This oversight renders the devices susceptible to Clickjacking attacks. An attacker could exploit this flaw by deceiving a legitimate administrator into clicking on a malicious site, potentially allowing unauthorized actions through the web interface. It is crucial for users of affected devices to review their security settings and apply updated firmware to mitigate this risk.
Affected Version(s)
SCALANCE S602 All versions < V4.1
SCALANCE S612 All versions < V4.1
SCALANCE S623 All versions < V4.1
CVSS V3.1
- Score: 5.4
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved