CVE-2020-15793

A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker.
Configurations

Configuration 1

cpe:2.3:a:siemens:desigo_insight:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_insight:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_insight:6.0:sp5:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_insight:6.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_insight:*:*:*:*:*:*:*:*

Information

Published : 2020-10-15 07:15

Updated : 2020-10-21 07:25


NVD link : CVE-2020-15793

Mitre link : CVE-2020-15793

Products Affected
No products.
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames