
CVE-2024-36140

CVE-2024-36140 PUBLISHED CVSS 6.8 MEDIUM

A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potentially higher privileges than the attacker.

EPSS 0.20% · 42.3th percentile

Risk Scores

CVSS v3.1
6.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
EPSS Score
0.20%
42.3th percentile

Affected Products

Vendor    Product            Versions
siemens   ozw672             0
Siemens   OZW772             0
siemens   ozw672_firmware    0
siemens   ozw772             0
Siemens   OZW672             0
siemens   ozw772_firmware    0

Timeline

  • Nov 12, 2024 Coalition ESS Score
  • Nov 12, 2024 CVE Published
  • Nov 12, 2024 PoC Published
  • Nov 12, 2024 PoC Published
  • Nov 13, 2024 EPSS Score
  • Nov 14, 2024 PoC Published
  • Nov 15, 2024 Coalition ESS Score
  • Dec 2, 2024 EPSS Score
  • Dec 19, 2024 EPSS Score
  • Jan 6, 2025 EPSS Score
  • Jan 23, 2025 EPSS Score
  • Feb 10, 2025 EPSS Score