CVE-2020-7574 - OpenCVE

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web session.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Climatix Pol908 Climatix Pol908 Firmware Climatix Pol909 Climatix Pol909 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:climatix_pol908_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:climatix_pol908:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:climatix_pol909_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:climatix_pol909:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2020-04-14T19:50:54

Updated: 2024-08-04T09:33:19.576Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7574

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-04-14T20:15:15.480

Modified: 2021-03-04T20:26:41.943

Link: CVE-2020-7574

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Climatix POL908 (BACnet/IP module)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "Climatix POL909 (AWM module)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V11.32"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the \"Server Config\" web interface of the affected devices that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web session."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-02-09T15:38:20", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-7574", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Climatix POL908 (BACnet/IP module)", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "Climatix POL909 (AWM module)", "version": {"version_data": [{"version_value": "All versions < V11.32"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the \"Server Config\" web interface of the affected devices that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:33:19.576Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-7574", "datePublished": "2020-04-14T19:50:54", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.576Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:climatix_pol908_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "10406062-CF18-409F-825F-5C24F676E710", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:climatix_pol908:-:*:*:*:*:*:*:*", "matchCriteriaId": "51BC0394-A0B0-4B0D-976C-84606340736A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:climatix_pol909_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6DF9014-C729-4CBF-8EBF-BBC960BFED12", "versionEndExcluding": "11.32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:climatix_pol909:-:*:*:*:*:*:*:*", "matchCriteriaId": "256380A1-0197-4FED-AF9B-E05D59C7D1F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the \"Server Config\" web interface of the affected devices that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web session."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Climatix POL908 (m\u00f3dulo BACnet/IP) (todas las versiones), Climatix POL909 (m\u00f3dulo AWM) (todas las versiones anteriores a V11.32). Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) persistente en la interfaz web \"Server Config\" de los dispositivos afectados que podr\u00eda permitir a un atacante inyectar c\u00f3digo JavaScript arbitrario. El c\u00f3digo podr\u00eda ser ejecutado posteriormente por otro usuario (posiblemente privilegiado). La vulnerabilidad de seguridad podr\u00eda ser explotada por un atacante con acceso de red al sistema afectado. Una explotaci\u00f3n con \u00e9xito no requiere privilegios system. Un atacante podr\u00eda usar la vulnerabilidad para comprometer la confidencialidad e integridad de la sesi\u00f3n web de otros usuarios"}], "id": "CVE-2020-7574", "lastModified": "2021-03-04T20:26:41.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-14T20:15:15.480", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "productcert@siemens.com", "type": "Secondary"}]}