CVE-2018-16555
MEDIUM
SCALANCE S602, S612, S623, S627-2M < V4.0.1.1 - Authenticated Stored Cross-Site Scripting
Title source: llmDescription
A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105937
Scores
CVSS v3
5.4
EPSS
0.0022
EPSS Percentile
44.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-80
CWE-79
Status
published
Products (4)
siemens/scalance_s602_firmware
< v4.0.1.1
siemens/scalance_s612_firmware
< 4.0.1.1
siemens/scalance_s623_firmware
< 4.0.1.1
siemens/scalance_s627-2m_firmware
< 4.0.1.1
Published
Dec 13, 2018
Tracked Since
Feb 18, 2026