Cross-Site Scripting Vulnerability in Siemens SCALANCE Devices
CVE-2019-6585

6.1 MEDIUM

Key Information:

Vendor: Siemens
CVE Published: 10 March 2020

Summary

A cross-site scripting (XSS) vulnerability has been discovered in the integrated configuration web server of the Siemens SCALANCE models listed below, within the specified version range. The flaw could allow an attacker to execute malicious scripts if a user is misled into clicking a harmful link. Successful exploitation requires the target user to be logged into the web interface, so user interaction is a prerequisite for the attack. Device administrators should prioritize patching and implement security measures to guard against these attacks.

Affected Version(s)

SCALANCE S602 All versions >= V3.0 and < V4.1

SCALANCE S612 All versions >= V3.0 and < V4.1

SCALANCE S623 All versions >= V3.0 and < V4.1

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
