Details of VAR-201812-0390

ID

VAR-201812-0390

CVE

CVE-2018-16555

TITLE

plural SCALANCE Product cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014529

DESCRIPTION

A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. plural SCALANCE The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. SiemensSCALANCES602 and other Siemens are the Ethernet security modules of Siemens. A cross-site scripting vulnerability exists in several Siemens products that can be exploited by a remote attacker to inject arbitrary scripts with malicious links. Siemens SCALANCE S is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following products are affected: Siemens SCALANCE S602 versions prior to v4.0.1.1 Siemens SCALANCE S612 versions prior to v4.0.1.1 Siemens SCALANCE S623 versions prior to v4.0.1.1 Siemens SCALANCE S627-2M versions prior to v4.0.1.1

Trust: 2.43

sources: NVD: CVE-2018-16555 // JVNDB: JVNDB-2018-014529 // CNVD: CNVD-2018-25913 // BID: 105937

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-25913

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance s623	scope:	lt	version:	4.0.1.1	Trust: 2.4
vendor:	siemens	model:	scalance s612	scope:	lt	version:	4.0.1.1	Trust: 2.4
vendor:	siemens	model:	scalance s627-2m	scope:	lt	version:	4.0.1.1	Trust: 2.4
vendor:	siemens	model:	scalance s602	scope:	lt	version:	4.0.1.1	Trust: 1.4
vendor:	siemens	model:	scalance s602	scope:	lt	version:	v4.0.1.1	Trust: 1.0
vendor:	siemens	model:	scalance s627-2m	scope:	eq	version:	4.0	Trust: 0.3
vendor:	siemens	model:	scalance s623	scope:	eq	version:	4.0	Trust: 0.3
vendor:	siemens	model:	scalance s612	scope:	eq	version:	4.0	Trust: 0.3
vendor:	siemens	model:	scalance s602	scope:	eq	version:	4.0	Trust: 0.3
vendor:	siemens	model:	scalance s627-2m	scope:	ne	version:	4.0.1.1	Trust: 0.3
vendor:	siemens	model:	scalance s623	scope:	ne	version:	4.0.1.1	Trust: 0.3
vendor:	siemens	model:	scalance s612	scope:	ne	version:	4.0.1.1	Trust: 0.3
vendor:	siemens	model:	scalance s602	scope:	ne	version:	4.0.1.1	Trust: 0.3

sources: CNVD: CNVD-2018-25913 // BID: 105937 // JVNDB: JVNDB-2018-014529 // NVD: CVE-2018-16555

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-16555
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-16555
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-25913
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201811-487
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2018-16555
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-25913
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-16555
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-25913 // JVNDB: JVNDB-2018-014529 // CNNVD: CNNVD-201811-487 // NVD: CVE-2018-16555

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.8
problemtype:	CWE-80	Trust: 1.0

sources: JVNDB: JVNDB-2018-014529 // NVD: CVE-2018-16555

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-487

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201811-487

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014529

PATCH

title:	SSA-242982	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf	Trust: 0.8
title:	Patches for multiple Siemens product cross-site scripting vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/147645	Trust: 0.6
title:	Multiple Siemens Fixes for product cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86888	Trust: 0.6

sources: CNVD: CNVD-2018-25913 // JVNDB: JVNDB-2018-014529 // CNNVD: CNNVD-201811-487

EXTERNAL IDS

db:	NVD	id:	CVE-2018-16555	Trust: 3.3
db:	BID	id:	105937	Trust: 1.9
db:	ICS CERT	id:	ICSA-18-317-04	Trust: 1.7
db:	SIEMENS	id:	SSA-242982	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-014529	Trust: 0.8
db:	CNVD	id:	CNVD-2018-25913	Trust: 0.6
db:	CNNVD	id:	CNNVD-201811-487	Trust: 0.6

sources: CNVD: CNVD-2018-25913 // BID: 105937 // JVNDB: JVNDB-2018-014529 // CNNVD: CNNVD-201811-487 // NVD: CVE-2018-16555

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-317-04	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf	Trust: 1.6
url:	http://www.securityfocus.com/bid/105937	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16555	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16555	Trust: 0.8
url:	http://subscriber.communications.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2018-25913 // BID: 105937 // JVNDB: JVNDB-2018-014529 // CNNVD: CNNVD-201811-487 // NVD: CVE-2018-16555

CREDITS

Nelson Berg of Applied Risk

Trust: 0.3

sources: BID: 105937

SOURCES

db:	CNVD	id:	CNVD-2018-25913
db:	BID	id:	105937
db:	JVNDB	id:	JVNDB-2018-014529
db:	CNNVD	id:	CNNVD-201811-487
db:	NVD	id:	CVE-2018-16555

LAST UPDATE DATE

2024-08-14T15:18:12.911000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-25913	date:	2018-12-20T00:00:00
db:	BID	id:	105937	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-014529	date:	2019-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201811-487	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-16555	date:	2019-10-09T23:36:14.360

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-25913	date:	2018-12-20T00:00:00
db:	BID	id:	105937	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-014529	date:	2019-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201811-487	date:	2018-11-15T00:00:00
db:	NVD	id:	CVE-2018-16555	date:	2018-12-13T16:29:00.460