{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T13:14:50.802","vulnerabilities":[{"cve":{"id":"CVE-2018-11448","sourceIdentifier":"productcert@siemens.com","published":"2018-06-26T18:29:00.697","lastModified":"2024-11-21T03:43:23.363","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en SCALANCE M875 (todas las versiones). La interfaz web en el puerto 443/tcp podría permitir un ataque Cross-Site Scripting (XSS) persistente si se engaña a un usuario desprevenido para que acceda a un enlace malicioso. Su explotación con éxito requiere que el atacante tenga acceso a la interfaz web de un dispositivo afectado. El atacante debe estar autenticado como usuario administrativo en la interfaz web. Después, un usuario legítimo debe acceder a la interfaz web. Un ataque con éxito podría permitir que el atacante ejecute código malicioso en el navegador de un usuario legítimo. En el momento de la publicación del advisory, no se conoce ninguna explotación pública de la vulnerabilidad de seguridad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:scalance_m875_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"880C1489-FB3E-4697-A266-377A616C6EB5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:scalance_m875:-:*:*:*:*:*:*:*","matchCriteriaId":"25AFAF4D-2485-4245-BF72-99C5EC471FF4"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf","source":"productcert@siemens.com","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}