CVE-2019-6585

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Scalance S602; Scalance S612; Scalance S623; Scalance S627-2m
Vendor: CVE Published:; 10 March 2020

Summary

A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed.

Affected Version(s)

SCALANCE S602 All versions >= V3.0 and < V4.1

SCALANCE S612 All versions >= V3.0 and < V4.1

SCALANCE S623 All versions >= V3.0 and < V4.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-59140...

x_refsource_CONFIRM

https://www.us-cert.gov/ics/advisories/icsa-20-042-10

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 10, 2020
Vulnerability Reserved
Jan 22, 2019