CVE-2019-6577

CWE-80 CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 46.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic HMI Comfort Outdoor Panels Firmware Siemens Simatic HMI Comfort Panels Firmware Siemens Simatic HMI KTP Mobile Panels Ktp400f Firmware +12 more

Timeline

PublishedMay 14

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Cla…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages15 packages

▶NVDsiemens/simatic_hmi_ktp_mobile_panels_ktp700_firmware< 15.1

▶NVDsiemens/simatic_hmi_ktp_mobile_panels_ktp900_firmware< 15.1

▶NVDsiemens/simatic_hmi_ktp_mobile_panels_ktp700f_firmware< 15.1

▶NVDsiemens/simatic_hmi_ktp_mobile_panels_ktp900f_firmware< 15.1

▶NVDsiemens/simatic_hmi_comfort_outdoor_panels_firmware< 15.1

🔴Vulnerability Details

GHSA

GHSA-cxq5-q43p-whjh: A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15↗2022-05-24

▶

CVEList

CVE-2019-6577: A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15↗2019-05-14

▶