Lucene search

[email protected]NVD:CVE-2023-43698

HistoryOct 09, 2023 - 1:15 p.m.

CVE-2023-43698

2023-10-0913:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-43698

improper neutralization

web page generation

remote attacker

arbitrary code

browser

code injection

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.1%

JSON

Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients
browser via injecting code into the website.

Affected configurations

NVD

Node

sickapu0200_firmwareRange<4.0.0.6

AND

sickapu0200Match-

References

sick.com/.well-known/csaf/white/2023/sca-2023-0010.json

sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf

sick.com/psirt

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.1%

JSON

Related for NVD:CVE-2023-43698

prion1 cve1 cvelist1