Sign-up

ID

VAR-202008-0307


CVE

CVE-2020-15781


TITLE

SICAM A8000 RTUs for SICAM WEB Cross-site scripting vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-009610

DESCRIPTION

A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application. SICAM A8000 RTUs for SICAM WEB A cross-site scripting vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The SICAM A8000 RTU (Remote Terminal Equipment) series is a modular equipment series suitable for remote control and automation applications in all energy supply fields. The vulnerability is due to the failure of the login screen to adequately filter the input

Trust: 2.16

sources: NVD: CVE-2020-15781 // JVNDB: JVNDB-2020-009610 // CNVD: CNVD-2020-45701

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-45701

AFFECTED PRODUCTS

vendor:siemensmodel:sicam a8000scope:ltversion:05.30

Trust: 1.0

vendor:siemensmodel:sicam a8000scope:eqversion:05.30

Trust: 0.8

vendor:siemensmodel:sicam web for sicam a8000 rtusscope:ltversion:v05.30

Trust: 0.6

sources: CNVD: CNVD-2020-45701 // JVNDB: JVNDB-2020-009610 // NVD: CVE-2020-15781

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15781
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-009610
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-45701
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202008-578
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-15781
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009610
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-45701
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-15781
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009610
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-45701 // JVNDB: JVNDB-2020-009610 // CNNVD: CNNVD-202008-578 // NVD: CVE-2020-15781

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-009610 // NVD: CVE-2020-15781

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-578

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202008-578

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009610

PATCH
title:SSA-370042url:https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdf
Trust: 0.8
title:Patch for Siemens SICAM A8000 RTU cross-site scripting vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/230224
Trust: 0.6
title:Siemens SICAM A8000 RTUs Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126220
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-45701 // 
            
            
            
            JVNDB: JVNDB-2020-009610 // 
            
            
            
            CNNVD: CNNVD-202008-578

EXTERNAL IDS
db:NVDid:CVE-2020-15781
Trust: 3.0
db:SIEMENSid:SSA-370042
Trust: 2.2
db:ICS CERTid:ICSA-20-224-08
Trust: 1.4
db:JVNid:JVNVU96514651
Trust: 0.8
db:JVNDBid:JVNDB-2020-009610
Trust: 0.8
db:CNVDid:CNVD-2020-45701
Trust: 0.6
db:AUSCERTid:ESB-2020.2777
Trust: 0.6
db:CNNVDid:CNNVD-202008-578
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-45701 // 
            
            
            
            JVNDB: JVNDB-2020-009610 // 
            
            
            
            CNNVD: CNNVD-202008-578 // 
            
            
            
            NVD: CVE-2020-15781

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdf
Trust: 2.2
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-224-08
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-15781
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15781
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96514651/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2777/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-45701 // 
            
            
            
            JVNDB: JVNDB-2020-009610 // 
            
            
            
            CNNVD: CNNVD-202008-578 // 
            
            
            
            NVD: CVE-2020-15781

SOURCES
db:CNVDid:CNVD-2020-45701
db:JVNDBid:JVNDB-2020-009610
db:CNNVDid:CNNVD-202008-578
db:NVDid:CVE-2020-15781

LAST UPDATE DATE
2024-11-23T20:09:39.819000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-45701date:2020-08-12T00:00:00
db:JVNDBid:JVNDB-2020-009610date:2020-11-20T07:22:38
db:CNNVDid:CNNVD-202008-578date:2021-01-05T00:00:00
db:NVDid:CVE-2020-15781date:2024-11-21T05:06:10.020

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-45701date:2020-08-12T00:00:00
db:JVNDBid:JVNDB-2020-009610date:2020-11-20T07:22:38
db:CNNVDid:CNNVD-202008-578date:2020-08-11T00:00:00
db:NVDid:CVE-2020-15781date:2020-08-14T16:15:16.853