QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2020-15781

Back to search

CVE-2020-15781

Published: Aug 14, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application.

VendorProductVersions

Siemens AG

SICAM WEB firmware for SICAM A8000 RTUs

affected
All versions < V05.30

Weaknesses (CWE)

CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now