PT-2018-10578 · Siemens · Scalance M875

Published: 2018-06-26 · Updated: 2019-10-09 · CVE-2018-11448

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: SCALANCE M875 (All versions)
Description: A stored Cross-Site Scripting (XSS) attack could be executed through the web interface on port 443/tcp if an unsuspecting user accesses a malicious link. The attacker must be authenticated as an administrative user and have access to the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user.
Recommendations: For SCALANCE M875, restrict access to the web interface to minimize the risk of exploitation. Ensure that only authorized personnel have administrative access to the web interface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-11448

Affected Products

Scalance M875