CVE-2024-36140

🗓️ 12 Nov 2024 12:49:32Reported by siemensType

Vulnerability in devices OZW672 & OZW772 (All versions < V5.2) allows stored cross-site scripting attack

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-36140	12 Nov 202413:03	–	circl
CNNVD	Siemens OZW672和OZW772 跨站脚本漏洞	12 Nov 202400:00	–	cnnvd
CNVD	Siemens OZW devices (web servers) cross-site scripting vulnerability	13 Nov 202400:00	–	cnvd
Cvelist	CVE-2024-36140	12 Nov 202412:49	–	cvelist
EUVD	EUVD-2024-35896	3 Oct 202520:07	–	euvd
ICS	Siemens OZW672 and OZW772 Web Server	12 Nov 202400:00	–	ics
NCSC	Vulnerabilities fixed in Siemens products	12 Nov 202414:19	–	ncsc
NVD	CVE-2024-36140	12 Nov 202413:15	–	nvd
RedhatCVE	CVE-2024-36140	23 May 202506:28	–	redhatcve
Vulnrichment	CVE-2024-36140	12 Nov 202412:49	–	vulnrichment

NVD

Node

siemens ozw672_firmwareRange<5.2

AND

siemens ozw672Match-

Node

siemens ozw772_firmwareRange<5.2

AND

siemens ozw772Match-

[
  {
    "vendor": "Siemens",
    "product": "OZW672",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V5.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "OZW772",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V5.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-230445.html

15 Nov 2024 22:53Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.4 - 6.8

CVSS 48.2

EPSS0.00203

SSVC

CWE-79