Vulnerabilities > CVE-2020-15793 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Siemens Desigo Insight 4.0/5.0/6.0

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

siemens

CWE-1021

NVD

Published: 2020-10-15

Updated: 2020-10-21

Summary

A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Desigo Insight 6.0 Siemens Desigo Insight 4.0 Siemens Desigo Insight 5.0	6

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

References

https://cert-portal.siemens.com/productcert/pdf/ssa-226339.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-20-287-05