Vulnerability Description
A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sicam A8000 Firmware | < 05.30 |
| Siemens | Sicam A8000 | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdfMitigationPatchVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdfMitigationPatchVendor Advisory
FAQ
What is CVE-2020-15781?
CVE-2020-15781 is a vulnerability with a CVSS score of 9.6 (CRITICAL). A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate spe...
How severe is CVE-2020-15781?
CVE-2020-15781 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-15781?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sicam A8000 Firmware, Siemens Sicam A8000.