← Volver a CVEs

CVE-2019-13923

CRITICAL

9.6

Descripcion

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.

Detalles CVE

Puntuacion CVSS v3.19.6

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado9/13/2019

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

siemens:ie\/wsn-pa_link_wirelesshart_gatewaysiemens:ie\/wsn-pa_link_wirelesshart_gateway_firmware

Debilidades (CWE)

CWE-80CWE-79

Referencias

https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf(productcert@siemens.com)

https://www.us-cert.gov/ics/advisories/icsa-19-253-04(productcert@siemens.com)

https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://www.us-cert.gov/ics/advisories/icsa-19-253-04(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.