Lucene search

[email protected]NVD:CVE-2023-36390

HistoryJul 11, 2023 - 10:15 a.m.

CVE-2023-36390

2023-07-1110:15:10

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

ruggedcom rox

cross-site scripting

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.4%

JSON

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response
without sanitization while throwing an “invalid params element name” error on the action parameters.

Affected configurations

NVD

Node

siemensruggedcom_rox_mx5000_firmwareRange<2.16.0

AND

siemensruggedcom_rox_mx5000Match-

Node

siemensruggedcom_rox_mx5000re_firmwareRange<2.16.0

AND

siemensruggedcom_rox_mx5000reMatch-

Node

siemensruggedcom_rox_rx1400_firmwareRange<2.16.0

AND

siemensruggedcom_rox_rx1400Match-

Node

siemensruggedcom_rox_rx1500_firmwareRange<2.16.0

AND

siemensruggedcom_rox_rx1500Match-

Node

siemensruggedcom_rox_rx1501_firmwareRange<2.16.0

AND

siemensruggedcom_rox_rx1501Match-

Node

siemensruggedcom_rox_rx1510_firmwareRange<2.16.0

AND

siemensruggedcom_rox_rx1510Match-

Node

siemensruggedcom_rox_rx1511_firmwareRange<2.16.0

AND

siemensruggedcom_rox_rx1511Match-

Node

siemensruggedcom_rox_rx1512_firmwareRange<2.16.0

AND

siemensruggedcom_rox_rx1512Match-

Node

siemensruggedcom_rox_rx1524_firmwareRange<2.16.0

AND

siemensruggedcom_rox_rx1524Match-

Node

siemensruggedcom_rox_rx1536_firmwareRange<2.16.0

AND

siemensruggedcom_rox_rx1536Match-

Node

siemensruggedcom_rox_rx5000_firmwareRange<2.16.0

AND

siemensruggedcom_rox_rx5000Match-

References

cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.4%

JSON

Related for NVD:CVE-2023-36390

cnvd1 nessus1 cve1 cvelist1 prion1 ics1