CVE-2020-7574

A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting XSS vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject...

CVE-2020-7575

A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting XSS vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitra...

Siemens Climatix POL908 and POL909 Cross-Site Scripting Vulnerabilities

Siemens Climatix is a standardized and programmable control solution for air conditioning, refrigeration and district heating OEMs from Siemens, Germany, offering a comprehensive HVAC portfolio that can be expanded to meet specific needs.BACnet IP - POL908 is one of the BACnet IP communication...

Siemens Climatix POL908 and POL909 Cross-Site Scripting Vulnerabilities (CNVD-2020-26246)

Siemens Climatix is a standardized and programmable control solution for air conditioning, refrigeration and district heating OEMs from Siemens, Germany, offering a comprehensive HVAC portfolio that can be expanded to meet specific needs.BACnet IP - POL908 is one of the BACnet IP communication...

CVE-2020-7575

A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting XSS vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitra...

CVE-2020-7574

A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting XSS vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject...

Cross site scripting

A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting XSS vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject...

Cross site scripting

A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting XSS vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitra...

CVE-2020-7574

Siemens Climatix POL908 (BACnet/IP module) and POL909 (AWM module) are affected by CVE-2020-7574, a cross-site scripting (XSS) vulnerability in the Server Config web interface. The issue, present in all versions for POL908 and all versions

CVE-2020-7574

A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting XSS vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject...

CVE-2020-7575

The CVE-2020-7575 entry affects Siemens Climatix POL908 (BACnet/IP module) and POL909 (AWM module). The vulnerability is a persistent cross-site scripting (XSS) flaw in the web server access log page that lets an attacker inject arbitrary JavaScript via specially crafted GET requests. Exploitatio...

CVE-2020-7575

A vulnerability has been identified in Climatix POL908 BACnet/IP module All versions, Climatix POL909 AWM module All versions V11.32. A persistent cross-site scripting XSS vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitra...

Siemens Climatix (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Climatix Vulnerability: Cross-site Scripting, Basic XSS 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-105-04 Siemens Climatix...