Input Validation Flaw in XHQ Web Interface by Siemens
CVE-2019-13931

5.4MEDIUM

Key Information:

Vendor: Siemens Ag
Status: Xhq
Vendor: CVE Published:; 12 December 2019

Summary

A vulnerability has been identified in Siemens XHQ web interface, which allows an attacker to manipulate input in an unexpected form. This flaw requires the attacker to be authenticated to the web interface, leading to potentially erratic behavior of the application for genuine users. Successful exploitation may enable the attacker to alter the contents of the web application, causing significant risks to data integrity and confidentiality. At the time of the advisory publication, there was no evidence of public exploitation of this vulnerability.

Affected Version(s)

XHQ All versions < V6.0.0.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-52545...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 12, 2019
Vulnerability Reserved
Jul 18, 2019