Vulnerabilities related to siemens - ozw672_firmware
cve-2017-6873
Vulnerability from cvelistv5
Published
2017-08-08 00:00
Modified
2024-08-05 15:41
Summary
A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/99473 | vdb-entry, x_refsource_BID
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
n/a | OZW672, OZW772 | OZW672, OZW772
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:41:17.674Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "99473", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99473", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OZW672, OZW772", vendor: "n/a", versions: [ { status: "affected", version: "OZW672, OZW772", }, ], }, ], datePublic: "2017-08-07T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306: Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-08T09:57:01", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { name: "99473", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99473", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2017-6873", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "OZW672, OZW772", version: { version_data: [ { version_value: "OZW672, OZW772", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability was discovered in Siemens OZW672 (all 
versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-306: Missing Authentication for Critical Function", }, ], }, ], }, references: { reference_data: [ { name: "99473", refsource: "BID", url: "http://www.securityfocus.com/bid/99473", }, { name: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf", refsource: "CONFIRM", url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2017-6873", datePublished: "2017-08-08T00:00:00", dateReserved: "2017-03-13T00:00:00", dateUpdated: "2024-08-05T15:41:17.674Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36140
Vulnerability from cvelistv5
Published
2024-11-12 12:49
Modified
2024-11-12 14:35
Severity
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
Summary
A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks.
This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:siemens:ozw672:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ozw672", vendor: "siemens", versions: [ { lessThan: "v5.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ozw772:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ozw772", vendor: "siemens", versions: [ { lessThan: "v5.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-36140", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T14:33:05.874776Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T14:35:44.207Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "OZW672", vendor: "Siemens", versions: [ { lessThan: "V5.2", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "OZW772", vendor: "Siemens", versions: [ { lessThan: "V5.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). 
The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks.\r\n\r\nThis could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, }, { cvssV4_0: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-12T12:49:32.130Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-230445.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-36140", datePublished: "2024-11-12T12:49:32.130Z", dateReserved: "2024-05-21T11:44:14.682Z", dateUpdated: "2024-11-12T14:35:44.207Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6872
Vulnerability from cvelistv5
Published
2017-08-08 00:00
Modified
2024-08-05 15:41
Summary
A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/99473 | vdb-entry, x_refsource_BID
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
n/a | OZW672, OZW772 | OZW672, OZW772
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:41:17.694Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "99473", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99473", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OZW672, OZW772", vendor: "n/a", versions: [ { status: "affected", version: "OZW672, OZW772", }, ], }, ], datePublic: "2017-08-07T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306: Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-08T09:57:01", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { name: "99473", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99473", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2017-6872", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "OZW672, OZW772", version: { version_data: [ { version_value: "OZW672, OZW772", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that 
could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-306: Missing Authentication for Critical Function", }, ], }, ], }, references: { reference_data: [ { name: "99473", refsource: "BID", url: "http://www.securityfocus.com/bid/99473", }, { name: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf", refsource: "CONFIRM", url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2017-6872", datePublished: "2017-08-08T00:00:00", dateReserved: "2017-03-13T00:00:00", dateUpdated: "2024-08-05T15:41:17.694Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13941
Vulnerability from cvelistv5
Published
2020-02-11 15:36
Modified
2024-08-05 00:05
Summary
A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.
References
URL | Tags
---|---
https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf | x_refsource_MISC
https://www.us-cert.gov/ics/advisories/icsa-20-042-09 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
Siemens AG | OZW672 | All versions < V10.00
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:05:43.901Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-042-09", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OZW672", vendor: "Siemens AG", versions: [ { status: "affected", version: "All versions < V10.00", }, ], }, { product: "OZW772", vendor: "Siemens AG", versions: [ { status: "affected", version: "All versions < V10.00", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. 
Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-552", description: "CWE-552: Files or Directories Accessible to External Parties", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-10T19:16:14", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-042-09", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2019-13941", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "OZW672", version: { version_data: [ { version_value: "All versions < V10.00", }, ], }, }, { product_name: "OZW772", version: { version_data: [ { version_value: "All versions < V10.00", }, ], }, }, ], }, vendor_name: "Siemens AG", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. 
Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-552: Files or Directories Accessible to External Parties", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf", }, { name: "https://www.us-cert.gov/ics/advisories/icsa-20-042-09", refsource: "MISC", url: "https://www.us-cert.gov/ics/advisories/icsa-20-042-09", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2019-13941", datePublished: "2020-02-11T15:36:10", dateReserved: "2019-07-18T00:00:00", dateUpdated: "2024-08-05T00:05:43.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1488
Vulnerability from cvelistv5
Published
2016-01-30 11:00
Modified
2024-08-05 22:55
Summary
Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
URL | Tags
---|---
https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01 | x_refsource_MISC
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf | x_refsource_CONFIRM
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:55:14.509Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-19T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-01-30T11:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-1488", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or 
HTML via a crafted URL.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01", }, { name: "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf", refsource: "CONFIRM", url: "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-1488", datePublished: "2016-01-30T11:00:00", dateReserved: "2016-01-04T00:00:00", dateUpdated: "2024-08-05T22:55:14.509Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2017-08-08 00:29
Modified
2025-04-20 01:37
Summary
A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.
References
Source | URL | Tags
---|---|---
productcert@siemens.com | http://www.securityfocus.com/bid/99473 | Third Party Advisory, VDB Entry
productcert@siemens.com | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99473 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf | Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
siemens | ozw772_firmware | -
siemens | ozw772 | -
siemens | ozw672_firmware | -
siemens | ozw672 | -
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ozw772_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0BD525AE-EFE3-45DA-A282-40509B4EEFB6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ozw772:-:*:*:*:*:*:*:*", matchCriteriaId: "D76AA89B-3B42-4A6D-858D-63F503D8F953", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ozw672_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "917679B1-91CD-4A63-A336-85EED243837A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ozw672:-:*:*:*:*:*:*:*", matchCriteriaId: "2B44996E-361B-4A33-BCBA-E834612D891E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.", }, { lang: "es", value: "Se ha descubierto una vulnerabilidad en Siemens OZW672 (todas las versiones) y OZW772 (todas las versiones) que podría permitir que un atacante con acceso al puerto 21/tcp accediese o alterase el histórico de datos de medición guardado en el dispositivo.", }, ], id: "CVE-2017-6872", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, 
], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-08T00:29:00.290", references: [ { source: "productcert@siemens.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99473", }, { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99473", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-01-30 12:59
Modified
2025-04-12 10:46
Summary
Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Source | URL | Tags
---|---|---
cve@mitre.org | http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf | Vendor Advisory
cve@mitre.org | https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01 | Third Party Advisory, US Government Resource
Impacted products
Vendor | Product | Version
---|---|---
siemens | ozw672 | -
siemens | ozw672_firmware | *
siemens | ozw772 | -
siemens | ozw772_firmware | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ozw672:-:*:*:*:*:*:*:*", matchCriteriaId: "2B44996E-361B-4A33-BCBA-E834612D891E", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ozw672_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7334FDED-A93B-49F4-9FA6-3407DBCC336E", versionEndIncluding: "5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ozw772:-:*:*:*:*:*:*:*", matchCriteriaId: "D76AA89B-3B42-4A6D-858D-63F503D8F953", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ozw772_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E55E919-90FC-46F8-92F0-20876D392646", versionEndIncluding: "5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.", }, { lang: "es", value: "Vulnerabilidad de XSS en el formulario de inicio de sesión en el servidor web integrado en dispositivos Siemens OZW OZW672 en versiones anteriores a 6.00 y OZW772 en versiones anteriores a 6.00 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada.", }, ], id: "CVE-2016-1488", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: 
false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-01-30T12:59:03.103", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-02-11 16:15
Modified
2024-11-21 04:25
Summary
A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.
References
Source | URL | Tags
---|---|---
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf | Vendor Advisory
productcert@siemens.com | https://www.us-cert.gov/ics/advisories/icsa-20-042-09 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-042-09 | Third Party Advisory, US Government Resource
Impacted products
Vendor | Product | Version
---|---|---
siemens | ozw672_firmware | *
siemens | ozw672 | -
siemens | ozw772_firmware | *
siemens | ozw772 | -
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ozw672_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FFD10BFF-BF2A-45DA-AF54-274A770D3C6C", versionEndExcluding: "10.00", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ozw672:-:*:*:*:*:*:*:*", matchCriteriaId: "2B44996E-361B-4A33-BCBA-E834612D891E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ozw772_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACA47579-4868-4B8E-BC4C-3A3280E9FC5D", versionEndExcluding: "10.00", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ozw772:-:*:*:*:*:*:*:*", matchCriteriaId: "D76AA89B-3B42-4A6D-858D-63F503D8F953", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en OZW672 (Todas las versiones anteriores a V10.00), OZW772 (Todas las versiones anteriores a V10.00). 
Las versiones vulnerables de OZW Web Server utilizan nombres de ruta predecibles para archivos de proyecto que los usuarios autenticados legítimamente han creado usando la función de exportación de la aplicación. Mediante el acceso a un localizador de recursos uniforme específico en el servidor web, un atacante remoto podría descargar un archivo de proyecto sin una autenticación previa. La vulnerabilidad de seguridad podría ser explotada por parte de un atacante no autenticado con acceso de red al sistema afectado. No es requerida una interacción del usuario para explotar esta vulnerabilidad de seguridad. Una explotación con éxito de la vulnerabilidad de seguridad compromete la confidencialidad del sistema objetivo.", }, ], id: "CVE-2019-13941", lastModified: "2024-11-21T04:25:44.447", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-11T16:15:14.897", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf", }, { source: 
"productcert@siemens.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-042-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-20-042-09", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-552", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-552", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-12 13:15
Modified
2024-11-15 22:53
Severity
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks.
This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker.
References
Source | URL | Tags | |
---|---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-230445.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
siemens | ozw672_firmware | * | |
siemens | ozw672 | - | |
siemens | ozw772_firmware | * | |
siemens | ozw772 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ozw672_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79643F49-38EC-4BC7-9EB4-6586505B6D76", versionEndExcluding: "5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ozw672:-:*:*:*:*:*:*:*", matchCriteriaId: "2B44996E-361B-4A33-BCBA-E834612D891E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ozw772_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C6D46204-8631-4874-98E4-112595A1BDEB", versionEndExcluding: "5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ozw772:-:*:*:*:*:*:*:*", matchCriteriaId: "D76AA89B-3B42-4A6D-858D-63F503D8F953", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks.\r\n\r\nThis could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en OZW672 (todas las versiones anteriores a la V5.2) y OZW772 (todas las versiones anteriores a la V5.2). La pestaña de cuentas de usuario de los dispositivos afectados es vulnerable a ataques de Cross Site Scripting (XSS) almacenado. 
Esto podría permitir que un atacante remoto autenticado inyecte código JavaScript arbitrario que luego ejecuta otro usuario víctima autenticado con posibles privilegios superiores a los del atacante.", }, ], id: "CVE-2024-36140", lastModified: "2024-11-15T22:53:26.063", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 8.2, baseSeverity: "HIGH", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", 
modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "HIGH", userInteraction: "PASSIVE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "productcert@siemens.com", type: "Secondary", }, ], }, published: "2024-11-12T13:15:07.957", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-230445.html", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-08-08 00:29
Modified
2025-04-20 01:37
Severity
Summary
A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp.
References
Source | URL | Tags | |
---|---|---|---|
productcert@siemens.com | http://www.securityfocus.com/bid/99473 | Third Party Advisory, VDB Entry | |
productcert@siemens.com | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99473 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
siemens | ozw772_firmware | - | |
siemens | ozw772 | - | |
siemens | ozw672_firmware | - | |
siemens | ozw672 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ozw772_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0BD525AE-EFE3-45DA-A282-40509B4EEFB6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ozw772:-:*:*:*:*:*:*:*", matchCriteriaId: "D76AA89B-3B42-4A6D-858D-63F503D8F953", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ozw672_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "917679B1-91CD-4A63-A336-85EED243837A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ozw672:-:*:*:*:*:*:*:*", matchCriteriaId: "2B44996E-361B-4A33-BCBA-E834612D891E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp.", }, { lang: "es", value: "Se ha descubierto una vulnerabilidad en Siemens OZW672 (todas las versiones) y OZW772 (todas las versiones) que podría permitir que un atacante leyese y manipulase datos en una sesión TLS mientras realiza un ataque Man-in-the-Middle (MitM) en el servidor web integrado en el puerto 443/tcp.", }, ], id: "CVE-2017-6873", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, 
obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-08T00:29:00.320", references: [ { source: "productcert@siemens.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99473", }, { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99473", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }