Vulnerability Description
A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Ozw672 Firmware | < 5.2 |
| Siemens | Ozw672 | - |
| Siemens | Ozw772 Firmware | < 5.2 |
| Siemens | Ozw772 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-36140?
CVE-2024-36140 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks....
How severe is CVE-2024-36140?
CVE-2024-36140 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-36140?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Ozw672 Firmware, Siemens Ozw672, Siemens Ozw772 Firmware, Siemens Ozw772.