CVE-2020-15792

{"id": "CVE-2020-15792", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2020-10-15T19:15:12.767", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-226339.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-287-05", "tags": ["Third Party Advisory", "US Government Resource"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-226339.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-287-05", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Desigo Insight (todas las versiones). El servicio web no aplica apropiadamente la comprobaci\u00f3n de entrada para algunos par\u00e1metros de consulta en un \u00e1rea reservada. Esto podr\u00eda permitir a un atacante autenticado recuperar datos por medio de un ataque de inyecci\u00f3n SQL ciego basado en contenido"}], "lastModified": "2024-11-21T05:06:11.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:desigo_insight:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27709FE3-EF7E-408D-9478-913FB2635E0C", "versionEndExcluding": "6.0"}, {"criteria": "cpe:2.3:a:siemens:desigo_insight:6.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA232A84-E145-4E19-A093-1D77372B4B7B"}, {"criteria": "cpe:2.3:a:siemens:desigo_insight:6.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45B6C775-F19C-4610-B7C0-337C61EB2700"}, {"criteria": "cpe:2.3:a:siemens:desigo_insight:6.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D77488A-8820-4350-980E-A09CBFEC6F97"}, {"criteria": "cpe:2.3:a:siemens:desigo_insight:6.0:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D97D5112-D3BD-4EFA-90C3-CC00DEADFF78"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}