CVE-2024-36140
MEDIUM 6.8
Description
A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker.
CVE Details
CVSS v3.1 score: 6.8
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 11/12/2024
Last modified: 11/15/2024
Source: nvd
Honeypot sightings: 0
Affected products
siemens:ozw672
siemens:ozw672_firmware
siemens:ozw772
siemens:ozw772_firmware
Weaknesses (CWE)
CWE-79
References
https://cert-portal.siemens.com/productcert/html/ssa-230445.html (productcert@siemens.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.