CVE-2020-7575 : A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All v

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web sessions.

Published 2020-04-14 20:15:16

Updated 2021-03-04 20:26:27

Source Siemens AG

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2020-7575

Siemens » Climatix Pol908 Firmware
cpe:2.3:o:siemens:climatix_pol908_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Climatix Pol908 » Version: N/A
Siemens » Climatix Pol909 Firmware
Versions before (<) 11.32
cpe:2.3:o:siemens:climatix_pol909_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Climatix Pol909 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-7575

EPSS FAQ

0.32%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-7575

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2020-7575

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

Assigned by: productcert@siemens.com (Secondary)

References for CVE-2020-7575

https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdf

Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-7575

Products affected by CVE-2020-7575

Exploit prediction scoring system (EPSS) score for CVE-2020-7575

CVSS scores for CVE-2020-7575

CWE ids for CVE-2020-7575

References for CVE-2020-7575