SCALANCE M875 におけるクロスサイトスクリプティングの脆弱性
| Title |
SCALANCE M875 におけるクロスサイトスクリプティングの脆弱性
|
| Summary |
SCALANCE M875 には、クロスサイトスクリプティングの脆弱性が存在します。
|
| Possible impacts |
情報を取得される、および情報を改ざんされる可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
June 12, 2018, midnight |
| Registration Date |
Sept. 6, 2018, 4:59 p.m. |
| Last Update |
Sept. 6, 2018, 4:59 p.m. |
|
CVSS3.0 : 警告
|
| Score |
4.8
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
CVSS2.0 : 注意
|
| Score |
3.5
|
| Vector |
AV:N/AC:M/Au:S/C:N/I:P/A:N |
Affected System
| シーメンス |
|
SCALANCE M875 ファームウェア 全てのバージョン
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2018年09月06日]
掲載 |
Sept. 6, 2018, 4:59 p.m. |
NVD Vulnerability Information
CVE-2018-11448
| Summary |
A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known.
|
| Publication Date |
June 27, 2018, 3:29 a.m. |
| Registration Date |
March 1, 2021, 6:46 p.m. |
| Last Update |
Nov. 21, 2024, 12:43 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:o:siemens:scalance_m875_firmware:-:*:*:*:*:*:*:* |
|
|
|
|
| execution environment |
| 1 |
cpe:2.3:h:siemens:scalance_m875:-:*:*:*:*:*:*:* |
Related information, measures and tools
Common Vulnerabilities List