CVE-2017-6866

EUVD-2017-15920
A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
siemensxhq_server
𝑥
≤ 4.7.1.2
siemensxhq_server
𝑥
≤ 5.0.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/99247
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf
http://www.securityfocus.com/bid/99247
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf