A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known.

Published: 2019-04-17 14:29
Updated: 2019-07-11 22:15

CVSS Score: 4.3 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Siemens | Cp 1604 Firmware | 2.8 | cpe:/o:siemens:cp_1604_firmware:2.8 |
| Siemens | Cp 1616 Firmware | 2.8 | cpe:/o:siemens:cp_1616_firmware:2.8 |


| ID | Name | Description |
|---|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |

History of changes

Date Event
2019-07-11 22:15
2019-04-18 15:20
2019-04-17 14:29