Lucene search
SiemensCVELIST:CVE-2019-10933HistoryJul 11, 2019 - 9:17 p.m.
CVE-2019-10933
2019-07-1121:17:47
CWE-80
siemens
www.cve.org
0.001 Low
EPSS
Percentile
34.0%
A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed.At the stage of publishing this security advisory no public exploitation is known.
CNA Affected
[
{
"product": "Spectrum Power 3 (Corporate User Interface)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions <= v3.11"
}
]
},
{
"product": "Spectrum Power 4 (Corporate User Interface)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "Version v4.75"
}
]
},
{
"product": "Spectrum Power 5 (Corporate User Interface)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions < v5.50"
}
]
},
{
"product": "Spectrum Power 7 (Corporate User Interface)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions <= v2.20"
}
]
}
]Related
cve
cve
CVE-2019-10933
2019-07-11 22:15:11
nvd
nvd
CVE-2019-10933
2019-07-11 22:15:11
prion
prion
Cross site scripting
2019-07-11 22:15:00
ics
ics
Siemens Spectrum Power (Update A)
2019-08-13 12:00:00