CVE-2018-4842 Information
Description
A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions V5.4.1), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions V4.1.3). A remote authenticated attacker with access to the configuration web server could be able to store script code on the web site if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory, no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf
https://www.securityfocus.com/bid/104494
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
4.8
Base Severity
MEDIUM