10 matches found
Siemens RUGGEDCOM NMS
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: RUGGEDCOM NMS Vulnerabilities: Cross-Site Request Forgery, Cross-Site Scripting. AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following RUGGEDCOM monitoring products: RUGGEDC...
CVE-2017-2682
The Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery CSRF attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to...
CVE-2017-2682
The Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery CSRF attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to...
CVE-2017-2683
A non-privileged user of the Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting XSS attack, potentially resulting in obtaining administrative permissions...
Cross site request forgery (csrf)
The Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery CSRF attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to...
CVE-2017-2683
A non-privileged user of the Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting XSS attack, potentially resulting in obtaining administrative permissions...
CVE-2017-2682
The Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery CSRF attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to...
CVE-2017-2683
A non-privileged user of the Siemens web application RUGGEDCOM NMS V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting XSS attack, potentially resulting in obtaining administrative permissions...
CVE-2017-2683
Siemens RUGGEDCOM NMS (all versions prior to 2.1.0) on ports 8080/8081 contains a persistent XSS vulnerability (CVE-2017-2683) allowing a non-privileged user to potentially obtain administrative permissions. The issue is described in ICS-CERT advisory ICSA-17-059-01 and Siemens security advisory ...
Siemens RuggedCom NMS Cross-Site Scripting Vulnerability
RUGGEDCOM NMS is a Siemens enterprise solution for monitoring, configuring and maintaining RUGGEDCOM mission-critical networks. A cross-site scripting vulnerability exists in Siemens RuggedCom NMS versions prior to 2.1, which can be exploited by attackers to launch a cross-site scripting attack a...