An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link.
2017-11-15T08:29:00.267
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | siemens | sm-2556_firmware | dnpi00 | Yes |
Operating System | siemens | sm-2556_firmware | enos00 | Yes |
Operating System | siemens | sm-2556_firmware | erac00 | Yes |
Operating System | siemens | sm-2556_firmware | eta2 | Yes |
Operating System | siemens | sm-2556_firmware | etls00 | Yes |
Operating System | siemens | sm-2556_firmware | modi00 | Yes |
Hardware | siemens | sm-2556 | - | No |