PT-2020-14627 · Siemens · Sicam Web

Published: 2020-08-14 · Updated: 2020-08-21 · CVE-2020-15781

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SICAM WEB firmware for SICAM A8000 RTUs, versions prior to V05.30

Description: A Cross-Site Scripting (XSS) issue has been identified, where the login screen does not sufficiently sanitize input. This allows an attacker to generate specially crafted log messages. If an unsuspecting victim views these log messages via the web browser, they might be interpreted and executed as code by the web application, potentially compromising the confidentiality, integrity, and availability of the web application.

Recommendations: For versions prior to V05.30, update to version V05.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the login screen and log messages to minimize the risk of exploitation. Avoid viewing log messages via the web browser until the issue is resolved.
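The description above is a stored XSS chain: text typed into a login field ends up in a log entry, and the log viewer later hands that entry to the browser as markup. The following is an added illustration, not Siemens code and not a reproduction of the SICAM WEB log viewer: a hypothetical log-viewer renderer showing the unsafe concatenation pattern beside an escaped rendering, plus a review helper that flags logged login attempts containing markup-significant characters. The log entries, field names and function names are all constructed for the example.

```javascript
// Added example (not SICAM code): rendering authentication log entries in a
// browser-facing log viewer without letting logged input become markup.
// The entries below are constructed sample data, not real RTU logs.

const SAMPLE_LOG = [
  { ts: "2020-08-14T10:00:00Z", event: "login_failed", user: "operator1" },
  // Constructed entry: a "username" that contains markup and quote characters.
  { ts: "2020-08-14T10:00:05Z", event: "login_failed", user: '<b>not-a-user</b> "x" & y' },
];

// The five HTML-significant characters and their entity references.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape a value so the browser treats it as text, never as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: an untrusted field is concatenated straight into HTML,
// so whatever was typed into the login form is interpreted by the browser.
function renderLogRowUnsafe(entry) {
  return `<tr><td>${entry.ts}</td><td>${entry.event}</td><td>${entry.user}</td></tr>`;
}

// Hardened pattern: every field is escaped before it becomes part of the page.
function renderLogRowSafe(entry) {
  return (
    `<tr><td>${escapeHtml(entry.ts)}</td>` +
    `<td>${escapeHtml(entry.event)}</td>` +
    `<td>${escapeHtml(entry.user)}</td></tr>`
  );
}

// Build the whole table with the chosen row renderer (safe by default).
function renderLogTable(entries, renderRow = renderLogRowSafe) {
  return `<table>${entries.map(renderRow).join("")}</table>`;
}

// Review aid: a working login form never produces usernames containing these
// characters, so logged attempts that do are worth a look during triage.
function findMarkupInLogs(entries) {
  return entries.filter((e) => /[<>"'&]/.test(e.user));
}

// Check that the rendered HTML contains no tags other than the viewer's own
// table/tr/td structure, i.e. no logged input survived as markup.
function renderedOutputIsInert(entries, renderRow = renderLogRowSafe) {
  const html = renderLogTable(entries, renderRow);
  return !/<(?!\/?(table|tr|td)\b)/.test(html);
}

// Stand-alone demonstration.
console.log("flagged entries:", findMarkupInLogs(SAMPLE_LOG).length);
console.log("unsafe render inert:", renderedOutputIsInert(SAMPLE_LOG, renderLogRowUnsafe));
console.log("safe render inert:", renderedOutputIsInert(SAMPLE_LOG, renderLogRowSafe));
```

Escaping at render time is the browser-side half of the fix; the advisory's own remedy is the V05.30 firmware update, and the escaping shown here is how a log viewer avoids the same class of bug regardless of what the login handler accepted.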

Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2020-15781

Affected Products: Sicam Web