Main Vulnerability Database Vulnerabilities #VU25262

#VU25262 Information disclosure in Siemens OZW672 and Siemens OZW772 - CVE-2019-13941

Published: February 12, 2020

Vulnerability identifier: #VU25262

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-13941

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Siemens OZW672
Siemens OZW772

Software vendor:
Siemens

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the OZW web server uses predictable path names for project files that legitimately authenticated users have created by using the application’s export function. A remote attacker can access a specific uniform resource locator on the web server and download a project file without prior authentication.

Remediation

Install updates from vendor's website.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf

#VU25262 Information disclosure in Siemens OZW672 and Siemens OZW772 - CVE-2019-13941

Description

Remediation

External links

Please verify you're human