Clickjacking Vulnerability in Desigo Insight by Siemens
CVE-2020-15793
5.4 MEDIUM
Summary
A security flaw in Desigo Insight affects all versions, leaving the product vulnerable to Clickjacking attacks. The absence of a properly configured X-Frame-Options HTTP Header enables an attacker to manipulate a legitimate user’s session. By coercing a user into interacting with a malicious web page, unauthorized parties can retrieve or alter sensitive information, potentially leading to unauthorized data access or manipulation.
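The check below is an added example, not code from the advisory or from Siemens. It classifies a response's anti-framing protection from its headers. It goes beyond the X-Frame-Options header named above by also evaluating the CSP frame-ancestors directive, which current browsers give precedence. The function name and the sample header sets are constructed for illustration.

```python
def frame_protection(headers):
    """Classify anti-framing protection from (name, value) response headers.

    Returns (verdict, reason); verdict is 'protected', 'weak' or 'missing'.
    """
    xfo, policies = set(), []
    for name, value in headers:
        name = name.strip().lower()
        if name == "x-frame-options":
            # Repeated headers may arrive merged into one comma-separated value.
            xfo |= {v.strip().upper() for v in value.split(",") if v.strip()}
        elif name == "content-security-policy":
            # Exact match only: the -Report-Only variant is never enforced.
            for policy in value.split(","):
                for directive in policy.split(";"):
                    parts = directive.split()
                    if parts and parts[0].lower() == "frame-ancestors":
                        policies.append({p.lower() for p in parts[1:]})
    if policies:
        # Every enforced policy must allow the embedder, so one strict policy suffices.
        open_sources = {"*", "http:", "https:"}
        if any(not (open_sources & p) for p in policies):
            return "protected", "CSP frame-ancestors restricts embedding"
        return "weak", "frame-ancestors allows any origin and overrides X-Frame-Options"
    if not xfo:
        return "missing", "no X-Frame-Options and no CSP frame-ancestors"
    if xfo in ({"DENY"}, {"SAMEORIGIN"}):
        return "protected", "X-Frame-Options " + next(iter(xfo))
    if len(xfo) > 1:
        return "weak", "conflicting X-Frame-Options values; send exactly one"
    return "weak", "X-Frame-Options value is obsolete or unrecognised"


# Constructed sample responses, not captured from any real product.
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "conflict": [("x-frame-options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
    "csp none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "csp star": [("Content-Security-Policy", "frame-ancestors *"), ("X-Frame-Options", "DENY")],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:12} {frame_protection(hdrs)}")
```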
Affected Version(s)
Desigo Insight: All versions
References
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved