Clickjacking Vulnerability in SCALANCE Switch Family by Siemens
CVE-2019-13924

5.4 MEDIUM

Key Information:

Vendor: Siemens
CVE Published: 11 February 2020

Summary

A vulnerability exists in various SCALANCE switch products where the administrative web interface omits the X-Frame-Options header. This oversight renders the devices susceptible to Clickjacking attacks. An attacker could exploit this flaw by deceiving a legitimate administrator into clicking on a malicious site, potentially allowing unauthorized actions through the web interface. It is crucial for users of affected devices to review their security settings and apply updated firmware to mitigate this risk.
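
One way to confirm the condition described in the summary, as an added example (not Siemens code and not part of the advisory): it inspects a raw HTTP response head for X-Frame-Options and also for the CSP frame-ancestors directive, which the advisory does not mention. The function names and sample responses are constructed for illustration.

```python
# Added example: the sample responses below are constructed, not captured from a device.
PERMISSIVE = {"*", "http:", "https:"}  # frame-ancestors sources that allow any site

def parse_headers(raw_head):
    """Map lowercased header names to their values from a raw response head."""
    headers = {}
    for line in raw_head.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def framing_verdict(raw_head):
    """Return (protected, reason) for one HTTP response head."""
    headers = parse_headers(raw_head)
    # CSP frame-ancestors is the current mechanism; check it first.
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.lower().split()
            if parts and parts[0] == "frame-ancestors":
                if PERMISSIVE.isdisjoint(parts[1:]):
                    return True, "CSP " + " ".join(parts)
    # Fall back to the legacy header named in the advisory.
    values = {v.strip().upper() for raw in headers.get("x-frame-options", [])
              for v in raw.split(",")}
    if values and values <= {"DENY", "SAMEORIGIN"}:
        return True, "X-Frame-Options " + "/".join(sorted(values))
    if values:
        # e.g. ALLOW-FROM, which current browsers ignore
        return False, "X-Frame-Options value not honoured: " + ", ".join(sorted(values))
    return False, "no X-Frame-Options header and no restrictive frame-ancestors"

SAMPLES = {
    "missing": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: example\r\n\r\n",
    "xfo": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "csp": "HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n\r\n",
    "obsolete": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://portal.example\r\n\r\n",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(name, framing_verdict(head))
```

Run against a saved response head from the management interface before and after a firmware update, the first element of the result shows whether the page can still be framed by another origin.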

Affected Version(s)

SCALANCE S602 All versions < V4.1

SCALANCE S612 All versions < V4.1

SCALANCE S623 All versions < V4.1

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
