CVE-2020-15781
PUBLISHED
CVSS 9.6 CRITICAL
A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromise the confidentiality, integrity and availability of the web application.
EPSS 0.50% · 66.5th percentile
Risk Scores
CVSS v3.1
9.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score
0.50%
66.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens AG | SICAM WEB firmware for SICAM A8000 RTUs | All versions < V05.30 |
| siemens | sicam_a8000_firmware | 0 |
Timeline
- Aug 11, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-786743.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-15781 advisory