CVE-2018-4848: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Siemens Scalance X-200 Firmware

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.3% (top 45.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 14; Latest update May 13

Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked i

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (6 packages)

CVEListV5 | siemens/scalance_x-200irt_switch_family | All versions < V5.4.1
CVEListV5 | siemens/scalance_x-200rna_switch_family | All versions < V3.2.7
CVEListV5 | siemens/scalance_x-200_switch_family | All versions < V5.2.3
CVEListV5 | siemens/scalance_x-300_switch_family | All versions < V4.1.3

🔴 Vulnerability Details (2)

GHSA (2022-05-13): GHSA-9g23-gj69-j9g7: A vulnerability has been identified in SCALANCE X-200 switch family (incl
CVEList (2018-06-14): CVE-2018-4848: A vulnerability has been identified in SCALANCE X-200 switch family (incl

💥 Exploits & PoCs (1)

Exploit-DB (2018-08-14): Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit)