SQL Injection Vulnerability in XHQ Web Interface from Siemens
CVE-2019-19286

7.2HIGH

Key Information:

Vendor: Siemens
Status: Xhq
Vendor: CVE Published:; 14 December 2020

What is CVE-2019-19286?

A vulnerability has been identified in XHQ by Siemens that could be exploited through the web interface. If an attacker is able to modify the content of specific web pages, they can execute SQL injection attacks. This could potentially allow unauthorized access to sensitive data stored in the database, leading to further exploitation of the affected system. It's crucial for users of XHQ versions below 6.1 to review their security posture and apply necessary updates to mitigate such risks.

Affected Version(s)

XHQ All Versions < 6.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-71269...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2020
Vulnerability Reserved
Nov 26, 2019