CVE-2016-1488
MEDIUM
Siemens OZW672 and OZW772 Firmware < 6.00 - Cross-Site Scripting via Login Form URL Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References (2)
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01
Vendor Advisory x_refsource_confirm
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf
Scores
CVSS v3
6.1
EPSS
0.0024
EPSS Percentile
47.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
siemens/ozw672_firmware
< 5.2
siemens/ozw772_firmware
< 5.2
Published
Jan 30, 2016
Tracked Since
Feb 18, 2026