Vulnerabilities > CVE-2020-15793 - Unspecified vulnerability in Siemens Desigo Insight 4.0/5.0/6.0

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
siemens

Summary

A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker.

Vulnerable Configurations

Part Description Count
Application
Siemens
6