← Back to CVEs

CVE-2019-13923

CRITICAL

9.6

Description

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.

CVE Details

CVSS v3.1 Score9.6

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published9/13/2019

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

siemens:ie\/wsn-pa_link_wirelesshart_gatewaysiemens:ie\/wsn-pa_link_wirelesshart_gateway_firmware

Weaknesses (CWE)

CWE-80CWE-79

References

https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf(productcert@siemens.com)

https://www.us-cert.gov/ics/advisories/icsa-19-253-04(productcert@siemens.com)

https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://www.us-cert.gov/ics/advisories/icsa-19-253-04(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.