CVE-2018-16555

Summary

A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.

Affected Software

VendorProductVersion RangeStatus
Siemens AGSCALANCE S602, SCALANCE S612, SCALANCE S623, SCALANCE S627-2MSCALANCE S602 : All versions < V4.0.1.1affected
Siemens AGSCALANCE S602, SCALANCE S612, SCALANCE S623, SCALANCE S627-2MSCALANCE S612 : All versions < V4.0.1.1affected
Siemens AGSCALANCE S602, SCALANCE S612, SCALANCE S623, SCALANCE S627-2MSCALANCE S623 : All versions < V4.0.1.1affected
Siemens AGSCALANCE S602, SCALANCE S612, SCALANCE S623, SCALANCE S627-2MSCALANCE S627-2M : All versions < V4.0.1.1affected

Weaknesses

  • CWE-80: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CVE Program Container

Additional References

References