CNNVD-202510-2039 Information

CNNVD ID

CNNVD-202510-2039

Related CVE

CVE-2025-40772

• CNNVD Published: 2025-10-14

Description (Chinese)

Siemens SiPass Integrated是德国西门子（Siemens）公司的一个功能强大且极其灵活的门禁控制系统。 Siemens SiPass integrated V3.0之前版本存在跨站脚本漏洞，该漏洞源于容易受到存储型跨站脚本攻击，可能导致攻击者冒充其他用户并窃取其会话数据。

Description (English)

Siemens SiPass Integrad is a powerful and extremely flexible door-to-door control system of Siemens, Germany. The pre-Siemens SiPass contained V3.0 had a cross-site script loophole, which stemmed from the vulnerability to storage-type cross-station script attacks, which could lead to the attackers impersonating other users and stealing their session data.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

西门子

Published

2025-10-14

Last Modified

2026-02-24

References

https://cert-portal.siemens.com/productcert/html/ssa-599451.html

Patch

https://www.siemens.com/global/en/products/services/cert.html#SiemensSecurityAdvisories