Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-36140

A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker.

Published

2024-11-12T13:15:07.957

Last Modified

2024-11-15T22:53:26.063

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	ozw672_firmware	< 5.2	Yes
Hardware	siemens	ozw672	-	No
Operating System	siemens	ozw772_firmware	< 5.2	Yes
Hardware	siemens	ozw772	-	No

References

https://cert-portal.siemens.com/productcert/html/ssa-230445.html Vendor Advisory ([email protected])