Clickjacking Vulnerability in Desigo Insight by Siemens
CVE-2020-15793

5.4 MEDIUM

Key Information:

Vendor: Siemens
CVE Published: 15 October 2020

Summary

All versions of Desigo Insight are vulnerable to clickjacking attacks. Because the product lacks a properly configured X-Frame-Options HTTP header, an attacker can manipulate a legitimate user's session: by coercing a user into interacting with a malicious web page, unauthorized parties can retrieve or alter sensitive information, potentially leading to unauthorized data access or manipulation.

Affected Version(s)

Desigo Insight All versions

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
