Siemens Climatix BACnet/IP Communication Module < 10.34 XSS

medium Nessus Network Monitor Plugin ID 720066

Synopsis

A cross-site scripting (XSS) vulnerability exists in the integrated web server on the Siemens Climatix BACnet/IP communication modules.

Description

Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Solution

Perform vendor-recommended mitigations and apply available vendor upgrades.

See Also

http://packetstormsecurity.com/files/132514/Climatix-BACnet-IP-Communication-Module-Cross-Site-Scripting.html

http://www.securityfocus.com/bid/75427

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-142512.pdf

https://ics-cert.us-cert.gov/advisories/ICSA-15-176-01

Plugin Details

Severity: Medium

ID: 720066

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Patch Publication Date: 6/25/2015

Vulnerability Publication Date: 6/25/2015

Reference Information

CVE: CVE-2015-4174

BID: 75427