CVE-2020-7575 - OpenCVE

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web sessions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Climatix Pol908 Climatix Pol908 Firmware Climatix Pol909 Climatix Pol909 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:climatix_pol908_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:climatix_pol908:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:siemens:climatix_pol909:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:climatix_pol909_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2020-04-14T19:50:54

Updated: 2024-08-04T09:33:19.843Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7575

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-04-14T20:15:15.543

Modified: 2021-03-04T20:26:27.443

Link: CVE-2020-7575

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Climatix POL908 (BACnet/IP module)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "Climatix POL909 (AWM module)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V11.32"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web sessions."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-02-09T15:38:21", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-7575", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Climatix POL908 (BACnet/IP module)", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "Climatix POL909 (AWM module)", "version": {"version_data": [{"version_value": "All versions < V11.32"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web sessions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:33:19.843Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-7575", "datePublished": "2020-04-14T19:50:54", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.843Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:climatix_pol908_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "10406062-CF18-409F-825F-5C24F676E710", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:climatix_pol908:-:*:*:*:*:*:*:*", "matchCriteriaId": "51BC0394-A0B0-4B0D-976C-84606340736A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:climatix_pol909:-:*:*:*:*:*:*:*", "matchCriteriaId": "256380A1-0197-4FED-AF9B-E05D59C7D1F1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:climatix_pol909_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6DF9014-C729-4CBF-8EBF-BBC960BFED12", "versionEndExcluding": "11.32", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web sessions."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Climatix POL908 (m\u00f3dulo BACnet/IP) (todas las versiones), Climatix POL909 (m\u00f3dulo AWM) (todas las versiones anteriores a V11.32). Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) persistente en la p\u00e1gina de registro de acceso al servidor web de los dispositivos afectados que podr\u00eda permitir a un atacante inyectar c\u00f3digo JavaScript arbitrario por medio de peticiones GET especialmente dise\u00f1adas. El c\u00f3digo podr\u00eda ser ejecutado posteriormente por otro usuario (privilegiado). La vulnerabilidad de seguridad podr\u00eda ser explotada por un atacante con acceso de red al sistema afectado. Una explotaci\u00f3n con \u00e9xito no requiere privilegios system. Un atacante podr\u00eda utilizar la vulnerabilidad para comprometer la confidencialidad e integridad de las sesiones web de otros usuarios."}], "id": "CVE-2020-7575", "lastModified": "2021-03-04T20:26:27.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-14T20:15:15.543", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-80"}], "source": "productcert@siemens.com", "type": "Secondary"}]}