Severity
Medium
Analysis Summary
CVE-2020-15792
The web service does not properly validate input for some query parameters, which may allow an attacker to retrieve data via a content-based blind SQL injection attack.
CVE-2020-15793
The affected product is vulnerable to clickjacking, which may allow an attacker to retrieve or modify data in the context of a legitimate user by tricking that user into clicking on a website controlled by the attacker.
CVE-2020-15794
The affected product is vulnerable to exposure of sensitive information, which may allow an attacker to retrieve additional information about the host system.
Impact
- SQL Injection
- Exposure of Sensitive Information
Affected Vendors
Siemens
Affected Products
Desigo Insight: All versions
Remediation
Siemens recommends that users update to v6.0 SP5.