← Retour aux CVEs

CVE-2019-13923

CRITICAL

9.6

Description

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.

Details CVE

Score CVSS v3.19.6

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie9/13/2019

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

siemens:ie\/wsn-pa_link_wirelesshart_gatewaysiemens:ie\/wsn-pa_link_wirelesshart_gateway_firmware

Faiblesses (CWE)

CWE-80CWE-79

References

https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf(productcert@siemens.com)

https://www.us-cert.gov/ics/advisories/icsa-19-253-04(productcert@siemens.com)

https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://www.us-cert.gov/ics/advisories/icsa-19-253-04(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.