Cross-Site Scripting (XSS) Vulnerability in SCALANCE S602, S612, S623, and S627-2M Configuration Web Server

Cross-Site Scripting (XSS) Vulnerability in SCALANCE S602, S612, S623, and S627-2M Configuration Web Server

CVE-2019-6585 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed.

Learn more about our Web App Pen Testing.