30 matches found
CVE-2017-6864
The integrated web server in Siemens RUGGEDCOM ROX I all versions at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks...
CVE-2017-2687
Siemens RUGGEDCOM ROX I all versions contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link...
CVE-2017-2686
Siemens RUGGEDCOM ROX I all versions contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information...
CVE-2017-2689
Siemens RUGGEDCOM ROX I all versions allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings...
CVE-2017-2688
The integrated web server in Siemens RUGGEDCOM ROX I all versions at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a...
Design/Logic Flaw
Siemens RUGGEDCOM ROX I all versions allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings...
Cross-site request forgery (CSRF)
The integrated web server in Siemens RUGGEDCOM ROX I all versions at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a...
Cross-site scripting
Siemens RUGGEDCOM ROX I all versions contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link...
Cross-site scripting
The integrated web server in Siemens RUGGEDCOM ROX I all versions at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks...
CVE-2017-2686
Siemens RUGGEDCOM ROX I (all versions) contains CVE-2017-2686: an authenticated user could read arbitrary files via the web interface on port 10000/TCP, exposing sensitive information. Root cause is improper authorization on the web interface (CWE-285); impact is partial confidentiality (I:H in C...
CVE-2017-2689
CVE-2017-2689 affects Siemens RUGGEDCOM ROX I (all versions). An authenticated user can bypass access restrictions in the web interface on port 10000/TCP to obtain privileged file-system access or change configuration settings. Root cause: Improper Authorization (CWE-285) with CVSS v3 base score ...
CVE-2017-2688
The CVE-2017-2688 entry affects Siemens RUGGEDCOM ROX I (all versions) via the integrated web server on port 10000/TCP. The issue is a Cross-Site Request Forgery (CSRF) where an authenticated user who has an active session can be induced to click a malicious link or visit a malicious site, allowi...
CVE-2017-6864
CVE-2017-6864 affects Siemens RUGGEDCOM ROX I devices (all versions) via the integrated web server on port 10000/TCP. An authenticated user can perform stored Cross-Site Scripting attacks against the web interface. The CVE is documented in multiple sources (NVD entry and related advisories). The ...