First published: Tue Mar 10 2020(Updated: )
A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If deployed according to recommended system configuration, Siemens consideres the environmental vector as CR:L/IR:M/AR:H/MAV:A (4.1).
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Spectrum Power 5 | <=5.50 | |
Siemens Spectrum Power 5 | =5.50-hf01 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-7579.
The severity of CVE-2020-7579 is medium (score 6.1).
The affected software is Siemens Spectrum Power 5 (All versions < v5.50 HF02) and Siemens Spectrum Power 5 version 5.50-hf01.
The vulnerability can be exploited through Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.
To fix CVE-2020-7579, upgrade to Siemens Spectrum Power 5 version v5.50 HF02 or a later version.