PT-2020-14638 · Siemens · Desigo Insight

Published

2020-10-15

Updated

2021-11-18

CVE-2020-15794

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Desigo Insight (All versions)

Description A vulnerability has been identified that could allow an authenticated attacker to retrieve additional information about the host system. This is due to some error messages in the web application showing the absolute path to the requested resource.

Recommendations For all versions, consider restricting access to error messages or modifying the web application to mask absolute paths in error messages until a fix is available.

Fix

Information Disclosure

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-209

Related Identifiers

CVE-2020-15794

Affected Products

Desigo Insight

PT-2020-14638 · Siemens · Desigo Insight

CVE-2020-15794

Weakness Enumeration

Related Identifiers

Affected Products

References · 4