← Zuruck zu CVEs

CVE-2019-13923

CRITICAL

9.6

Beschreibung

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.

CVE Details

CVSS v3.1 Bewertung9.6

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht9/13/2019

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

siemens:ie\/wsn-pa_link_wirelesshart_gatewaysiemens:ie\/wsn-pa_link_wirelesshart_gateway_firmware

Schwachen (CWE)

CWE-80CWE-79

Referenzen

https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf(productcert@siemens.com)

https://www.us-cert.gov/ics/advisories/icsa-19-253-04(productcert@siemens.com)

https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://www.us-cert.gov/ics/advisories/icsa-19-253-04(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.