Reflected Cross-Site Scripting Vulnerability in Control Center Server by Siemens
CVE-2019-19293

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Control Center Server (ccs)
Vendor: CVE Published:; 10 March 2020

What is CVE-2019-19293?

A reflected Cross-site Scripting (XSS) vulnerability exists in all versions of Control Center Server (CCS) below 1.5.0. This vulnerability can be exploited by an unauthenticated remote attacker through the web interface, allowing them to execute malicious scripts in a user's browser context. As a result, attackers could potentially steal sensitive information, manipulate user sessions, or perform unauthorized administrative actions, compromising the security and integrity of the CCS environment.

Affected Version(s)

Control Center Server (CCS) All versions < V1.5.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-84476...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-76184...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2020
Vulnerability Reserved
Nov 26, 2019