Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sicam_a8000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EA612FA-5E60-4278-A7A3-9C28E5857AD8", "versionEndExcluding": "05.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sicam_a8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BF612C4-56F9-4946-86E5-6D7C309E195F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application."}, {"lang": "es", "value": "Una vulnerabilidad ha sido identificada en el firmware SICAM WEB para las RTU SICAM A8000 (Todas las versiones anteriores a V05.30). La pantalla de inicio de sesi\u00f3n no sanea de manera suficiente la entrada, lo que permite a un atacante generar mensajes de registro especialmente dise\u00f1ados. Si una v\u00edctima desprevenida visualiza los mensajes de registro por medio de un navegador web, estos mensajes de registro pueden ser interpretados y ejecutados como c\u00f3digo por parte de la aplicaci\u00f3n web. Esta vulnerabilidad de tipo Cross-Site-Scripting (XSS) podr\u00eda comprometer la confidencialidad, integridad y la disponibilidad de la aplicaci\u00f3n web."}], "id": "CVE-2020-15781", "lastModified": "2024-11-21T05:06:10.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-14T16:15:16.853", "references": [{"source": "productcert@siemens.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]} 
MITRE
Vulnrichment
NVD
Redhat