Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Link | Resource |
---|---|
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf | Vendor Advisory |
https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01 | Third Party Advisory US Government Resource |
Configurations
History
No history.
Information
Published : 2016-01-30 12:59
Updated : 2024-02-04 18:53
NVD link : CVE-2016-1488
Mitre link : CVE-2016-1488
CVE.ORG link : CVE-2016-1488
JSON object : View
Products Affected
siemens
- ozw672_firmware
- ozw672
- ozw772
- ozw772_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')