Lucene search
China National Vulnerability DatabaseCNVD-2022-91616HistoryOct 13, 2022 - 12:00 a.m.
Cross-site scripting vulnerability in Import Files function of multiple Siemens products
2022-10-1300:00:00
China National Vulnerability Database
www.cnvd.org.cn
36
siemens
desigo px
building automation
control system
cross-site scripting
vulnerability
web application
remote attacker
arbitrary javascript code
graphics package
cnvd
0.001 Low
EPSS
Percentile
29.3%
Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site scripting vulnerability exists in several Siemens products. The vulnerability stems from an incorrect neutralization of input during web page generation in the Import Files function of the “Operation” web application, which could be exploited by a remote, low-authority attacker to execute arbitrary JavaScript code by uploading a specially crafted graphics package.
Related
cvelist
cvelist
CVE-2022-40178
2022-10-11 00:00:00
nessus
nessus
nvd
nvd
CVE-2022-40178
2022-10-11 11:15:10
prion
prion
Input validation
2022-10-11 11:15:00
cve
cve
CVE-2022-40178
2022-10-11 11:15:10
ics
ics
Siemens Desigo PXM Devices
2022-10-13 12:00:00