Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-6577
HistoryMay 14, 2019 - 8:29 p.m.

CVE-2019-6577

2019-05-1420:29:00
CWE-79
[email protected]
web.nvd.nist.gov
25
cve
2019
6577
simatic
hmi
panels
cross-site scripting
xss
security vulnerability
nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

28.6%

JSON

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system. At the stage of publishing this security advisory no public exploitation is known.

CPENameOperatorVersion
siemens:simatic_hmi_comfort_panels_firmwaresiemens simatic hmi comfort panels firmwarelt15.1
siemens:simatic_hmi_comfort_outdoor_panels_firmwaresiemens simatic hmi comfort outdoor panels firmwarelt15.1
siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmwaresiemens simatic hmi ktp mobile panels ktp400f firmwarelt15.1
siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmwaresiemens simatic hmi ktp mobile panels ktp700 firmwarelt15.1
siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresiemens simatic hmi ktp mobile panels ktp700f firmwarelt15.1
siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmwaresiemens simatic hmi ktp mobile panels ktp900 firmwarelt15.1
siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmwaresiemens simatic hmi ktp mobile panels ktp900f firmwarelt15.1
siemens:simatic_wincc_\(tia_portal\)siemens simatic wincc \(tia portal\)lt15.1
siemens:simatic_wincc_runtimesiemens simatic wincc runtimelt15.1
siemens:simatic_hmi_tp_firmwaresiemens simatic hmi tp firmwareeq*
Rows per page:
1-10 of 121

Related

cvelist 1
cnvd 1
prion 1
ics 1
cvelist
cvelist
CVE-2019-6577
2019-05-14 19:54:48
cnvd
cnvd
Cross-site scripting vulnerability in multiple Siemens products
2019-05-14 00:00:00
prion
prion
Cross site scripting
2019-05-14 20:29:00
ics
ics
Siemens SIMATIC Panels and WinCC (TIA Portal)
2019-05-14 12:00:00

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

28.6%

JSON
Related for CVE-2019-6577
cvelist1cnvd1prion1ics1