Reflected XSS Vulnerability in Industrial Edge Management OS by Siemens
CVE-2024-45385

4.7MEDIUM

Key Information:

Vendor: Siemens
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-45385?

A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) affecting all versions, which exposes it to reflected cross-site scripting (XSS) attacks. This security flaw enables attackers to craft malicious links that, when accessed by users, can lead to the unauthorized extraction of sensitive information. Organizations utilizing this product need to implement mitigation measures to safeguard against potential exploit attempts.

References

https://cert-portal.siemens.com/productcert/html/ssa-4164...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025