CVE-2019-10933
A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions <= v5.50), and Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for successful exploitation. The user does not need to be logged into the web interface for the exploitation to succeed. At the time of publishing this security advisory, no public exploitation is known.
EPSS 0.27% · 50.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens AG | Spectrum Power 7 (Corporate User Interface) | All versions <= v2.20 |
| siemens | spectrum_power_7 | 0 |
| siemens | spectrum_power_5 | 0 |
| siemens | spectrum_power_3 | 0 |
| Siemens AG | Spectrum Power 3 (Corporate User Interface) | All versions <= v3.11 |
| Siemens AG | Spectrum Power 5 (Corporate User Interface) | All versions < v5.50 |
| siemens | spectrum_power_4 | 0 |
| Siemens AG | Spectrum Power 4 (Corporate User Interface) | Version v4.75 |
Exploit Intelligence
- Exploit for cve-2013-0169 (github-poc)
- Proof Of Concept of the BEAST attack against SSL/TLS CVE-2011-3389 (github-poc)
…and 11 more exploits
Timeline
- Jul 9, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-10933 advisory