CVE-2019-6585 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Siemens Scalance S602 Firmware

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 43.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance S602 Firmware Siemens Scalance S612 Firmware Siemens Scalance S623 Firmware +5 more

Timeline

PublishedMar 10

Latest updateMay 24

Description

A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and = V3.0 and = V3.0 and = V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages8 packages

▶NVDsiemens/scalance_s602_firmware3.0 — 4.1

▶CVEListV5siemens/scalance_s602All versions >= V3.0 and < V4.1

▶NVDsiemens/scalance_s612_firmware3.0 — 4.1

▶NVDsiemens/scalance_s623_firmware3.0 — 4.1

▶NVDsiemens/scalance_s627-2m_firmware3.0 — 4.1

🔴Vulnerability Details

GHSA

GHSA-xm74-phc9-jvhx: A vulnerability has been identified in SCALANCE S602 (All versions >= V3↗2022-05-24

▶

CVEList

CVE-2019-6585: A vulnerability has been identified in SCALANCE S602 (All versions >= V3↗2020-03-10

▶