CVE-2018-16555 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Siemens Scalance S602 Firmware

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 55.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance S602 Firmware Siemens Scalance S612 Firmware Siemens Scalance S623 Firmware +1 more

Timeline

PublishedDec 13

Latest updateMay 13

Description

A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At th…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

▶NVDsiemens/scalance_s602_firmware< v4.0.1.1

▶NVDsiemens/scalance_s612_firmware< 4.0.1.1

▶NVDsiemens/scalance_s623_firmware< 4.0.1.1

▶NVDsiemens/scalance_s627-2m_firmware< 4.0.1.1

🔴Vulnerability Details

GHSA

GHSA-8j36-9mff-4j84: A vulnerability has been identified in SCALANCE S602 (All versions < V4↗2022-05-13

▶

CVEList

CVE-2018-16555: A vulnerability has been identified in SCALANCE S602 (All versions < V4↗2018-12-13

▶