Vulnerability-Lookup

CVE-2020-7575 (GCVE-0-2020-7575)

Vulnerability from cvelistv5 – Published: 2020-04-14 19:50 – Updated: 2024-08-04 09:33

Summary

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web sessions.

Severity ?

No CVSS data available.

CWE

CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Assigner

siemens

References

URL

GHSA-X224-39VW-8RH7

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14

Details

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web sessions.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-7575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-14T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users\u0027 web sessions.",
  "id": "GHSA-x224-39vw-8rh7",
  "modified": "2022-05-24T17:14:17Z",
  "published": "2022-05-24T17:14:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7575"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2020-AVI-207

Vulnerability from certfr_avis - Published: 2020-04-14 - Updated: 2020-04-14

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC S7-1500 Software Controller versions antérieures à V20.8
Siemens	N/A	TIM 3V-IE versions antérieures à V2.8
Siemens	N/A	SCALANCE X-200
Siemens	N/A	SIDOOR ATE531S
Siemens	N/A	SIMATIC ET200SP IM155-6 PN/2 HF
Siemens	N/A	Climatix POL908
Siemens	N/A	SIMATIC CP 1242-7 versions antérieures à V3.2
Siemens	N/A	SIMATIC S7-1500 CPU family versions antérieures à V2.8
Siemens	N/A	SIDOOR ATE530S COATED
Siemens	N/A	TIM 4R-IE versions antérieures à V2.8
Siemens	N/A	SIMATIC CP 443-1
Siemens	N/A	INEMA Remote Connect Server versions antérieures à V2.1
Siemens	N/A	TALON TC Series (BACnet) versions antérieures ou égales à V3.0
Siemens	N/A	SIMATIC ET200MP IM155-5 PN HF
Siemens	N/A	APOGEE PXC Series (P2) versions antérieures ou égales à V2.8.2
Siemens	N/A	IE/PB-Link V3
Siemens	N/A	SIMATIC S7-400 PN/DP V7
Siemens	N/A	SIMATIC CP 1543SP-1 versions antérieures à V2.1
Siemens	N/A	SIMATIC CP 1542SP-1 IRC versions antérieures à V2.1
Siemens	N/A	Desigo PXM20 (Power PC) versions antérieures ou égales à V2.3x
Siemens	N/A	SIMATIC CP 1542SP-1 versions antérieures à V2.1
Siemens	N/A	SIMATIC MICRO-DRIVE PDC
Siemens	N/A	SCALANCE X-200IRT
Siemens	N/A	SINAMICS S/G Control Unit w. PROFINET
Siemens	N/A	SIMATIC S7-300 CPU
Siemens	N/A	SIMATIC CP 1243-1 versions antérieures à V3.2
Siemens	N/A	SCALANCE SC-600 versions antérieures à V2.0
Siemens	N/A	SIMATIC RF182C
Siemens	N/A	SIMATIC RF186CI
Siemens	N/A	SIMATIC ET200SP IM155-6 PN HA
Siemens	N/A	SIMATIC CP 1243-8 IRC versions antérieures à V3.2
Siemens	N/A	Desigo PXC (Power PC) versions antérieures ou égales à V2.3x
Siemens	N/A	SIMATIC RF186C
Siemens	N/A	SIMATIC WinAC RTX (F) 2010
Siemens	N/A	SCALANCE X-300
Siemens	N/A	TIM 4R-IE DNP3 versions antérieures à V3.3
Siemens	N/A	SIMATIC TDC CPU555
Siemens	N/A	SIMATIC ET 200SP Open Controller CPU1515SP PC2 versions antérieures à V20.8
Siemens	N/A	SIDOOR ATD430W
Siemens	N/A	TIM 3V-IE Advanced versions antérieures à V2.8
Siemens	N/A	SIMATIC RF180C
Siemens	N/A	SIMATIC CP 1543-1 versions antérieures à V2.2
Siemens	N/A	SIMATIC ET 200SP Open Controller CPU1515SP PC versions antérieures à V2.1.7
Siemens	N/A	SCALANCE M-800 versions antérieures à V6.1
Siemens	N/A	APOGEE MEC/MBC/PXC (P2) versions antérieures à V2.8.2
Siemens	N/A	SCALANCE S615 versions antérieures à V6.1
Siemens	N/A	SIMATIC PN/PN Coupler
Siemens	N/A	SIMATIC RF185C
Siemens	N/A	SIMATIC RF188CI
Siemens	N/A	SCALANCE W700 IEEE 802.11a/b/g/n versions antérieures à V6.4
Siemens	N/A	RUGGEDCOM RM1224 versions antérieures à V6.1
Siemens	N/A	SIMATIC CP 1243-7 LTE EU versions antérieures à V3.2
Siemens	N/A	SIMATIC S7-410 CPU
Siemens	N/A	SIMOTICS CONNECT 400 versions antérieures à V0.3.0.330
Siemens	N/A	SIMATIC TDC CP51M1
Siemens	N/A	KTK ATE530S
Siemens	N/A	SCALANCE W1700 IEEE 802.11ac versions antérieures à V2.0
Siemens	N/A	RUGGEDCOM ROX II versions antérieures à V2.13.3
Siemens	N/A	TIM 3V-IE DNP3 versions antérieures à V3.3
Siemens	N/A	APOGEE PXC versions antérieures ou égales à V3.0
Siemens	N/A	SIMATIC CP 443-1 Advanced
Siemens	N/A	SIMATIC ET200SP IM155-6 PN HF
Siemens	N/A	Climatix POL909
Siemens	N/A	SIMATIC CP 1243-7 LTE US versions antérieures à V3.2
Siemens	N/A	SIMATIC ET200SP IM155-6 PN/3 HF
Siemens	N/A	SIMATIC ET200SP IM155-6 MF HF
Siemens	N/A	SIMATIC RF188C

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-886514 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-102233 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-359303 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-162506 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-593272 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-377115 du 14 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 V20.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 3V-IE versions ant\u00e9rieures \u00e0 V2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIDOOR ATE531S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP IM155-6 PN/2 HF",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Climatix POL908",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1242-7 versions ant\u00e9rieures \u00e0 V3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU family versions ant\u00e9rieures \u00e0 V2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIDOOR ATE530S COATED",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 4R-IE versions ant\u00e9rieures \u00e0 V2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 443-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "INEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TALON TC Series (BACnet) versions ant\u00e9rieures ou \u00e9gales \u00e0 V3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200MP IM155-5 PN HF",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Series (P2) versions ant\u00e9rieures ou \u00e9gales \u00e0 V2.8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "IE/PB-Link V3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 PN/DP V7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1543SP-1 versions ant\u00e9rieures \u00e0 V2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1542SP-1 IRC versions ant\u00e9rieures \u00e0 V2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXM20 (Power PC) versions ant\u00e9rieures ou \u00e9gales \u00e0 V2.3x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1542SP-1 versions ant\u00e9rieures \u00e0 V2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MICRO-DRIVE PDC",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200IRT",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS S/G Control Unit w. PROFINET",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 versions ant\u00e9rieures \u00e0 V3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC-600 versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF182C",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186CI",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP IM155-6 PN HA",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-8 IRC versions ant\u00e9rieures \u00e0 V3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC (Power PC) versions ant\u00e9rieures ou \u00e9gales \u00e0 V2.3x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186C",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinAC RTX (F) 2010",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-300",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 4R-IE DNP3 versions ant\u00e9rieures \u00e0 V3.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC TDC CPU555",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller CPU1515SP PC2 versions ant\u00e9rieures \u00e0 V20.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIDOOR ATD430W",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 3V-IE Advanced versions ant\u00e9rieures \u00e0 V2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF180C",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1543-1 versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller CPU1515SP PC versions ant\u00e9rieures \u00e0 V2.1.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M-800 versions ant\u00e9rieures \u00e0 V6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MEC/MBC/PXC (P2) versions ant\u00e9rieures \u00e0 V2.8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S615 versions ant\u00e9rieures \u00e0 V6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PN/PN Coupler",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF185C",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188CI",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W700 IEEE 802.11a/b/g/n versions ant\u00e9rieures \u00e0 V6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RM1224 versions ant\u00e9rieures \u00e0 V6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-7 LTE EU versions ant\u00e9rieures \u00e0 V3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-410 CPU",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTICS CONNECT 400 versions ant\u00e9rieures \u00e0 V0.3.0.330",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC TDC CP51M1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "KTK ATE530S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1700 IEEE 802.11ac versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX II versions ant\u00e9rieures \u00e0 V2.13.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 3V-IE DNP3 versions ant\u00e9rieures \u00e0 V3.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC versions ant\u00e9rieures ou \u00e9gales \u00e0 V3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 443-1 Advanced",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP IM155-6 PN HF",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Climatix POL909",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-7 LTE US versions ant\u00e9rieures \u00e0 V3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP IM155-6 PN/3 HF",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP IM155-6 MF HF",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188C",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-5391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
    },
    {
      "name": "CVE-2020-7575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7575"
    },
    {
      "name": "CVE-2020-7574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7574"
    },
    {
      "name": "CVE-2019-13939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13939"
    },
    {
      "name": "CVE-2018-5390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5390"
    },
    {
      "name": "CVE-2019-10939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10939"
    },
    {
      "name": "CVE-2019-19300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19300"
    },
    {
      "name": "CVE-2019-19301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19301"
    }
  ],
  "initial_release_date": "2020-04-14T00:00:00",
  "last_revision_date": "2020-04-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-207",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-886514 du 14 avril 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-102233 du 14 avril 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-359303 du 14 avril 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-359303.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-162506 du 14 avril 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-593272 du 14 avril 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-377115 du 14 avril 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
    }
  ]
}

GSD-2020-7575

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-7575

Aliases

CVE-2020-7575

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-7575",
    "description": "A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions \u003c V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users\u0027 web sessions.",
    "id": "GSD-2020-7575"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-7575"
      ],
      "details": "A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions \u003c V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users\u0027 web sessions.",
      "id": "GSD-2020-7575",
      "modified": "2023-12-13T01:21:52.190296Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2020-7575",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Climatix POL908 (BACnet/IP module)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Climatix POL909 (AWM module)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V11.32"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions \u003c V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users\u0027 web sessions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:climatix_pol908_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:climatix_pol908:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:climatix_pol909_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.32",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:climatix_pol909:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-7575"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions \u003c V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users\u0027 web sessions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2021-03-04T20:26Z",
      "publishedDate": "2020-04-14T20:15Z"
    }
  }
}

CNVD-2020-26246

Vulnerability from cnvd - Published: 2020-05-03

Title

Siemens Climatix POL908和POL909跨站脚本漏洞（CNVD-2020-26246）

Description

Siemens Climatix是德国西门子（Siemens）公司的一套专为空调、制冷和区域供热OEM研发的标准化和可编程控制解决方案，它提供全面的HVAC组合，可根据特定需求进行扩展。BACnet IP - POL908是其中的一个BACnet IP通信模块。AWM Module - POL909是其中的一个AWM通信模块。 Siemens Climatix POL908和POL909存在跨站脚本漏洞。攻击者可利用该漏洞注入任意JavaScript代码，影响其他用户Web会话的保密性和完整性。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.siemens.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-7575

Impacted products

Name
['Siemens Climatix POL908', 'Siemens Climatix POL909']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7575"
    }
  },
  "description": "Siemens Climatix\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3a\u7a7a\u8c03\u3001\u5236\u51b7\u548c\u533a\u57df\u4f9b\u70edOEM\u7814\u53d1\u7684\u6807\u51c6\u5316\u548c\u53ef\u7f16\u7a0b\u63a7\u5236\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u63d0\u4f9b\u5168\u9762\u7684HVAC\u7ec4\u5408\uff0c\u53ef\u6839\u636e\u7279\u5b9a\u9700\u6c42\u8fdb\u884c\u6269\u5c55\u3002BACnet IP - POL908\u662f\u5176\u4e2d\u7684\u4e00\u4e2aBACnet IP\u901a\u4fe1\u6a21\u5757\u3002AWM Module - POL909\u662f\u5176\u4e2d\u7684\u4e00\u4e2aAWM\u901a\u4fe1\u6a21\u5757\u3002\n\nSiemens Climatix POL908\u548cPOL909\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fJavaScript\u4ee3\u7801\uff0c\u5f71\u54cd\u5176\u4ed6\u7528\u6237Web\u4f1a\u8bdd\u7684\u4fdd\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.siemens.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-26246",
  "openTime": "2020-05-03",
  "products": {
    "product": [
      "Siemens Climatix POL908",
      "Siemens Climatix POL909"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7575",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-15",
  "title": "Siemens Climatix POL908\u548cPOL909\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2020-26246\uff09"
}

FKIE_CVE-2020-7575

Vulnerability from fkie_nvd - Published: 2020-04-14 20:15 - Updated: 2024-11-21 05:37

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	climatix_pol908_firmware	*
siemens	climatix_pol908	-
siemens	climatix_pol909_firmware	*
siemens	climatix_pol909	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:climatix_pol908_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10406062-CF18-409F-825F-5C24F676E710",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:climatix_pol908:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BC0394-A0B0-4B0D-976C-84606340736A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:climatix_pol909_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6DF9014-C729-4CBF-8EBF-BBC960BFED12",
              "versionEndExcluding": "11.32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:climatix_pol909:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "256380A1-0197-4FED-AF9B-E05D59C7D1F1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions \u003c V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users\u0027 web sessions."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en Climatix POL908 (m\u00f3dulo BACnet/IP) (todas las versiones), Climatix POL909 (m\u00f3dulo AWM) (todas las versiones anteriores a V11.32). Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) persistente en la p\u00e1gina de registro de acceso al servidor web de los dispositivos afectados que podr\u00eda permitir a un atacante inyectar c\u00f3digo JavaScript arbitrario por medio de peticiones GET especialmente dise\u00f1adas. El c\u00f3digo podr\u00eda ser ejecutado posteriormente por otro usuario (privilegiado). La vulnerabilidad de seguridad podr\u00eda ser explotada por un atacante con acceso de red al sistema afectado. Una explotaci\u00f3n con \u00e9xito no requiere privilegios system. Un atacante podr\u00eda utilizar la vulnerabilidad para comprometer la confidencialidad e integridad de las sesiones web de otros usuarios."
    }
  ],
  "id": "CVE-2020-7575",
  "lastModified": "2024-11-21T05:37:24.323",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-14T20:15:15.543",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-7575 (GCVE-0-2020-7575)

GHSA-X224-39VW-8RH7

CERTFR-2020-AVI-207

Solution

GSD-2020-7575

CNVD-2020-26246

FKIE_CVE-2020-7575

Tags

Sightings

Nomenclature