10 matches found
Siemens RUGGEDCOM NMS
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: RUGGEDCOM NMS Vulnerabilities: Cross-Site Request Forgery, Cross-Site Scripting. AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following RUGGEDCOM monitoring products: RUGGEDC...
CVE-2017-2682
The Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery CSRF attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to...
Cross site request forgery (csrf)
The Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery CSRF attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to...
CVE-2017-2682
The Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery CSRF attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to...
CVE-2017-2683
A non-privileged user of the Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting XSS attack, potentially resulting in obtaining administrative permissions...
CVE-2017-2683
A non-privileged user of the Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting XSS attack, potentially resulting in obtaining administrative permissions...
CVE-2017-2682
The Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery CSRF attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to...
CVE-2017-2683
A non-privileged user of the Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting XSS attack, potentially resulting in obtaining administrative permissions...
CVE-2017-2683
Siemens RUGGEDCOM NMS (all versions prior to 2.1.0) on ports 8080/8081 contains a persistent XSS vulnerability (CVE-2017-2683) allowing a non-privileged user to potentially obtain administrative permissions. The issue is described in ICS-CERT advisory ICSA-17-059-01 and Siemens security advisory ...
Siemens RuggedCom NMS Cross-Site Scripting Vulnerability
RUGGEDCOM NMS is a Siemens enterprise solution for monitoring, configuring and maintaining RUGGEDCOM mission-critical networks. A cross-site scripting vulnerability exists in Siemens RuggedCom NMS versions prior to 2.1, which can be exploited by attackers to launch a cross-site scripting attack a...