Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSiemensCVELIST:CVE-2019-6577
HistoryMay 14, 2019 - 7:54 p.m.

CVE-2019-6577

2019-05-1419:54:48
CWE-80
siemens
www.cve.org

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.9%

JSON

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system. At the stage of publishing this security advisory no public exploitation is known.

CNA Affected

[
  {
    "product": "SIMATIC HMI Comfort Panels 4\" - 22\"",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Update 1"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Update 1"
      }
    ]
  },
  {
    "product": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Update 1"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC Runtime Advanced",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Update 1"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC Runtime Professional",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Update 1"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC (TIA Portal)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Update 1"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

Related

cnvd 1
prion 1
nvd 1
cve 1
ics 1
cnvd
cnvd
Cross-site scripting vulnerability in multiple Siemens products
2019-05-14 00:00:00
prion
prion
Cross site scripting
2019-05-14 20:29:00
nvd
nvd
CVE-2019-6577
2019-05-14 20:29:04
cve
cve
CVE-2019-6577
2019-05-14 20:29:04
ics
ics
Siemens SIMATIC Panels and WinCC (TIA Portal)
2019-05-14 12:00:00

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.9%

JSON
Related for CVELIST:CVE-2019-6577
cnvd1prion1nvd1cve1ics1