CVE-2020-15781
Last modified
CVE-2020-15781 is a critical-severity vulnerability rated 9.6/10 on the CVSS scale. A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. EPSS estimates a 1.00% chance of exploitation in the next 30 days.
Description
A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sicam A8000 Firmware | < 05.30 |
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdfMitigation, Patch, Vendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdfMitigation, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-15781?
How severe is CVE-2020-15781?
How do I fix CVE-2020-15781?
Are you affected by CVE-2020-15781?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST