Cross-Site Scripting Vulnerability in Control Center Server by Siemens
CVE-2019-19294

6.3MEDIUM

Key Information:

Vendor: Siemens
Status: Control Center Server (ccs)
Vendor: CVE Published:; 10 March 2020

Summary

A stored Cross-Site Scripting vulnerability has been found in the web interface of Control Center Server (CCS) software. All versions prior to V1.5.0 are affected. This vulnerability arises from inadequate input validation in multiple fields, allowing an authenticated attacker to inject malicious JavaScript code. The result is the potential execution of the injected code in the browser context of any user who accesses the compromised web content, thereby compromising user data and security.

Affected Version(s)

Control Center Server (CCS) All versions < V1.5.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-84476...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-76184...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 10, 2020
Vulnerability Reserved
Nov 26, 2019