CVE-2020-15794

Published: Oct 15, 2020Modified: Jun 17, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system.

Affected (5)

Products: Siemens: Desigo Insight

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Siemens Desigo Insight	Before 6.0
Siemens Desigo Insight	Version 6.0
Siemens Desigo Insight	Version 6.0 sp2
Siemens Desigo Insight	Version 6.0 sp3
Siemens Desigo Insight	Version 6.0 sp5

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (4)

https://cert-portal.siemens.com/productcert/pdf/ssa-226339.pdf

Source: productcert@siemens.com

Vendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-287-05

Source: productcert@siemens.com

Third Party AdvisoryUS Government Resource

https://cert-portal.siemens.com/productcert/pdf/ssa-226339.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-287-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.