CVE-2018-4842 — Cross-site Scripting in Siemens Scalance X200 Firmware

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 58.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance X200 Firmware Siemens Scalance X200irt Firmware Siemens Scalance X-200irt Switch Family +2 more

Timeline

PublishedJun 14

Latest updateMay 13

Description

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visi…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages5 packages

▶CVEListV5siemens/scalance_x-200irt_switch_familyAll versions < V5.4.1

▶CVEListV5siemens/scalance_x-200rna_switch_familyAll versions < V3.2.7

▶CVEListV5siemens/scalance_x-300_switch_familyAll versions < V4.1.3

▶NVDsiemens/scalance_x200irt_firmware< 5.4.1

▶NVDsiemens/scalance_x200_firmware< 5.2.3

🔴Vulnerability Details

GHSA

GHSA-89f2-v4jr-22cm: A vulnerability has been identified in SCALANCE X-200IRT switch family (incl↗2022-05-13

▶

CVEList

CVE-2018-4842: A vulnerability has been identified in SCALANCE X-200IRT switch family (incl↗2018-06-14

▶