PT-2020-6994 · Siemens · Desigo Insight

Published: 2020-10-13 · Updated: 2020-10-21 · CVE-2020-15793

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Desigo Insight (All versions)
Description: The issue stems from the product not setting the X-Frame-Options HTTP header properly, which leaves it susceptible to clickjacking. An unauthenticated attacker could retrieve or modify data in the context of a legitimate user by tricking that user into clicking on a website controlled by the attacker. The vulnerability is also associated with incorrect restriction of rendered user-interface layers, which a remote attacker can exploit to redirect a user to an arbitrary site.
Recommendations: For Desigo Insight (all versions), set the X-Frame-Options HTTP header correctly to prevent clickjacking. As a temporary workaround, restrict access to the user interface to reduce the risk of exploitation, and avoid browsing untrusted websites while logged in to the Desigo Insight interface until the issue is resolved. At the moment there is no information about a newer version containing a fix for this vulnerability.
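The recommended fix is a response-header change, so it can be verified and applied at the HTTP layer regardless of the application behind it. The following is an added example, not code from the advisory or from Siemens: `assess_framing_protection` audits a response's headers the way a defender would check whether an interface can still be framed (it also recognises the `Content-Security-Policy` `frame-ancestors` directive, which modern browsers prefer over `X-Frame-Options`), and `add_framing_protection` is a WSGI middleware that sets both headers on every response of an app that lacks them. The sample header sets and the `unprotected_app` stand-in are constructed for illustration; all function and variable names are assumptions.

```python
"""Audit and enforce anti-framing headers (added example; constructed samples)."""
from typing import Dict, List, Tuple

# X-Frame-Options values that actually stop cross-origin framing.
SAFE_XFO = {"DENY", "SAMEORIGIN"}


def _csp_frame_ancestors(csp: str) -> List[str]:
    """Return the source list of the frame-ancestors directive, or [] if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return []


def assess_framing_protection(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Decide whether a response may be embedded by an attacker-controlled page.

    Returns (protected, reason). Header names are matched case-insensitively.
    frame-ancestors is evaluated first because browsers that support it ignore
    X-Frame-Options when both are present.
    """
    lower = {k.lower(): v for k, v in headers.items()}

    ancestors = _csp_frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors:
        if "*" in ancestors or any(a.startswith("http:") for a in ancestors):
            return False, "frame-ancestors allows arbitrary or insecure origins"
        return True, "frame-ancestors restricts embedding: " + " ".join(ancestors)

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in SAFE_XFO:
        return True, f"X-Frame-Options {xfo}"
    if xfo.startswith("ALLOW-FROM"):
        return False, "ALLOW-FROM is ignored by current browsers"
    if xfo:
        return False, f"unrecognised X-Frame-Options value {xfo!r}"
    return False, "no framing protection header"


def add_framing_protection(app):
    """WSGI middleware applying the advisory's fix without overriding an
    existing policy: adds X-Frame-Options and a frame-ancestors CSP."""
    def wrapped(environ, start_response):
        def start_with_headers(status, response_headers, exc_info=None):
            names = {name.lower() for name, _ in response_headers}
            if "x-frame-options" not in names:
                response_headers.append(("X-Frame-Options", "DENY"))
            if "content-security-policy" not in names:
                response_headers.append(
                    ("Content-Security-Policy", "frame-ancestors 'none'"))
            return start_response(status, response_headers, exc_info)
        return app(environ, start_with_headers)
    return wrapped


def unprotected_app(environ, start_response):
    """Constructed stand-in for a web UI that sends no framing protection."""
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<html><body>Building management UI</body></html>"]


def run_wsgi(app, path="/"):
    """Invoke a WSGI app offline and return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = list(headers)

    environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


# Constructed header sets covering the missing, correct and weak cases.
SAMPLE_RESPONSES = {
    "missing": {"Content-Type": "text/html"},
    "deny": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "csp": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "weak": {"Content-Security-Policy": "frame-ancestors *"},
    "allow_from": {"X-Frame-Options": "ALLOW-FROM https://example.invalid"},
}


def audit_samples() -> Dict[str, bool]:
    """Map each sample name to whether it is protected against framing."""
    return {n: assess_framing_protection(h)[0] for n, h in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        ok, why = assess_framing_protection(hdrs)
        print(f"{name:10s} {'protected' if ok else 'EXPOSED'}: {why}")
    status, headers, _ = run_wsgi(add_framing_protection(unprotected_app))
    print(status, dict(headers))
```

The audit function is what a verification step after patching looks like: point it at the headers returned by the real interface and require `protected` to be true. The middleware deliberately does not overwrite a policy the application already emits, so a narrower `frame-ancestors` list chosen by the product (for example a trusted dashboard origin) is preserved rather than replaced with `'none'`.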

Clickjacking

Weakness Enumeration

Related Identifiers

BDU:2024-10620
CVE-2020-15793

Affected Products

Desigo Insight