CVE-2020-7579

MEDIUM

Spectrum Power 5 < 5.50 HF02 - Cross-Site Scripting via Malicious Link

Title source: llm
STIX 2.1

Description

A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If deployed according to recommended system configuration, Siemens consideres the environmental vector as CR:L/IR:M/AR:H/MAV:A (4.1).

References (1)

Core 1
Core References

Scores

CVSS v3 6.1
EPSS 0.0037
EPSS Percentile 59.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-80 CWE-79
Status published
Products (2)
siemens/spectrum_power_5 5.50 hf01
siemens/spectrum_power_5 < 5.50
Published Mar 10, 2020
Tracked Since Feb 18, 2026