Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15781

A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application.

Published

2020-08-14T16:15:16.853

Last Modified

2024-11-21T05:06:10.020

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	sicam_a8000_firmware	< 05.30	Yes
Hardware	siemens	sicam_a8000	-	No

References

https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdf Mitigation, Patch, Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdf Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)