CVE-2018-19694 - Vulnerability Details

HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hms-networks	Netbiter Ec150 Netbiter Ec150 Firmware Netbiter Ec250 Netbiter Ec250 Firmware Netbiter Lc310 Netbiter Lc310 Firmware Netbiter Lc310 Thingworx Netbiter Lc310 Thingworx Firmware Netbiter Lc350 Netbiter Lc350 Firmware Netbiter Lc350 Thingworx Netbiter Lc350 Thingworx Firmware Netbiter Ws100 Netbiter Ws100 Firmware Netbiter Ws200 Netbiter Ws200 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hms-networks:netbiter_ws100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hms-networks:netbiter_ws100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hms-networks:netbiter_ws200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hms-networks:netbiter_ws200:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hms-networks:netbiter_ec150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hms-networks:netbiter_ec150:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hms-networks:netbiter_ec250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hms-networks:netbiter_ec250:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hms-networks:netbiter_lc310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hms-networks:netbiter_lc310:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hms-networks:netbiter_lc310_thingworx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hms-networks:netbiter_lc310_thingworx:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hms-networks:netbiter_lc350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hms-networks:netbiter_lc350:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hms-networks:netbiter_lc350_thingworx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hms-networks:netbiter_lc350_thingworx:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/151119/HMS-Netbiter-WS100-3.30.5-Cross-Site-Scripting.html
https://seclists.org/bugtraq/2019/Jan/9
https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2018-12-04-001-ec150-ec250-lc310-lc350-ws100-ws200-cve-2018-19694.pdf
https://www.netbiter.com/products

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-17T18:59:02

Updated: 2024-08-05T11:44:19.616Z

Reserved: 2018-11-29T00:00:00

Link: CVE-2018-19694

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-03-21T16:00:32.623

Modified: 2024-11-21T03:58:23.693

Link: CVE-2018-19694

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object