cvelist/2018/4xxx/CVE-2018-4842.json

{
    "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2018-4842",
        "STATE": "PUBLIC"
    },
    "data_format": "MITRE",
    "data_version": "4.0",
    "data_type": "CVE",
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Siemens",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "All versions < V5.4.1"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "SCALANCE X-200RNA switch family",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "All versions < V3.2.7"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "All versions < V4.1.3"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
                    }
                ]
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web\nserver could be able to store script code on the web site, if the HRP redundancy \noption is set. This code could be executed in the web browser of victims visiting \nthis web site (XSS), affecting its confidentiality, integrity and availability. \n\nUser interaction is required for successful exploitation, as the user needs\nto visit the manipulated web site. At the stage of publishing this security\nadvisory no public exploitation is known. The vendor has confirmed the\nvulnerability and provides mitigations to resolve it."
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf"
            },
            {
                "refsource": "BID",
                "name": "104494",
                "url": "https://www.securityfocus.com/bid/104494"
            }
        ]
    }
}
- Synchronized data. 2018-01-02 18:04:04 -05:00			`{`
"-Synchronized-Data." 2019-03-17 21:48:30 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "productcert@siemens.com",`
			`"ID": "CVE-2018-4842",`
			`"STATE": "PUBLIC"`
			`},`
Siemens CVE update for Siemens-AD-2020-01 2020-01-16 15:18:50 +01:00			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"data_type": "CVE",`
"-Synchronized-Data." 2019-03-17 21:48:30 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
Siemens AD-2022-12 2022-12-13 17:05:36 +01:00			`"vendor_name": "Siemens",`
"-Synchronized-Data." 2019-03-17 21:48:30 +00:00			`"product": {`
			`"product_data": [`
			`{`
Siemens CVE update for Siemens-AD-2020-01 2020-01-16 15:18:50 +01:00			`"product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",`
"-Synchronized-Data." 2019-03-17 21:48:30 +00:00			`"version": {`
			`"version_data": [`
			`{`
Siemens CVE update for Siemens-AD-2020-01 2020-01-16 15:18:50 +01:00			`"version_value": "All versions < V5.4.1"`
			`}`
			`]`
			`}`
			`},`
Siemens AD-2022-12 2022-12-13 17:05:36 +01:00			`{`
			`"product_name": "SCALANCE X-200RNA switch family",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "All versions < V3.2.7"`
			`}`
			`]`
			`}`
			`},`
Siemens CVE update for Siemens-AD-2020-01 2020-01-16 15:18:50 +01:00			`{`
			`"product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",`
			`"version": {`
			`"version_data": [`
"-Synchronized-Data." 2019-03-17 21:48:30 +00:00			`{`
Siemens CVE update for Siemens-AD-2020-01 2020-01-16 15:18:50 +01:00			`"version_value": "All versions < V4.1.3"`
"-Synchronized-Data." 2019-03-17 21:48:30 +00:00			`}`
			`]`
			`}`
			`}`
			`]`
Siemens CVE update for Siemens-AD-2020-01 2020-01-16 15:18:50 +01:00			`}`
"-Synchronized-Data." 2019-03-17 21:48:30 +00:00			`}`
			`]`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`
			`}`
			`]`
			`}`
			`]`
			`},`
Siemens CVE update for Siemens-AD-2020-01 2020-01-16 15:18:50 +01:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
Siemens AD-2022-12 2022-12-13 17:05:36 +01:00			"value": "A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web\nserver could be able to store script code on the web site, if the HRP redundancy \noption is set. This code could be executed in the web browser of victims visiting \nthis web site (XSS), affecting its confidentiality, integrity and availability. \n\nUser interaction is required for successful exploitation, as the user needs\nto visit the manipulated web site. At the stage of publishing this security\nadvisory no public exploitation is known. The vendor has confirmed the\nvulnerability and provides mitigations to resolve it."
Siemens CVE update for Siemens-AD-2020-01 2020-01-16 15:18:50 +01:00			`}`
			`]`
			`},`
"-Synchronized-Data." 2019-03-17 21:48:30 +00:00			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2020-01-16 16:01:22 +00:00			`"refsource": "MISC",`
			`"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf",`
			`"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf"`
			`},`
			`{`
			`"refsource": "BID",`
			`"name": "104494",`
			`"url": "https://www.securityfocus.com/bid/104494"`
"-Synchronized-Data." 2019-03-17 21:48:30 +00:00			`}`
			`]`
			`}`
			`}`