Vulners
Lucene search
HMS Netbiter WS100 3.30.5 Cross Site Scripting
🗓️ 13 Jan 2019 00:00:00Reported by Micha BorrmannType 
packetstorm🔗 packetstormsecurity.com👁 89 Views
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | Netbiter WS100 Cross-Site Scripting Vulnerability | 16 Jan 201900:00 | – | cnvd |
 | CVE-2018-19694 | 17 Mar 201918:59 | – | cve |
 | CVE-2018-19694 | 17 Mar 201918:59 | – | cvelist |
 | EUVD-2018-11378 | 7 Oct 202500:30 | – | euvd |
 | CVE-2018-19694 | 21 Mar 201916:00 | – | nvd |
 | CVE-2018-19694 | 21 Mar 201916:00 | – | osv |
 | Cross site scripting | 21 Mar 201916:00 | – | prion |
 | CVE-2018-19694 | 22 May 202512:57 | – | redhatcve |
`-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Advisory ID: SYSS-2018-042
Product: Netbiter WS100
Manufacturer: HMS Industrial Networks AB
Affected Version(s): 3.30.5 <=
Tested Version(s): 3.30.5
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Low
Solution Status: Fixed
Manufacturer Notification: 2018-11-29
Solution Date: 2018-12-20
Public Disclosure: 2019-01-11
CVE Reference: CVE-2018-19694
Authors of Advisory: Micha Borrmann (SySS GmbH)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Overview:
Netbiter WS100 is a remote management solution for industrial control
(e.g. emergency generators) (see [1]).
Due to improper input validation, the web-based remote management
solution is vulnerable to reflected cross-site scripting attacks.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability Details:
The login form reflects values from parameters without any kind of
filtering or escaping.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Proof of Concept (PoC):
The following attack vector exemplarily demonstrates the described
reflected cross-site scripting vulnerability:
http://$TARGET/cgi-bin/write.cgi?page=%22;document.write(%27%3Ch1%3EXSS%20Demonstration%3C/h1%3E%27)//
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution:
Install the provided security patch (see [2]).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disclosure Timeline:
2018-11-29: Detection of the vulnerability
2018-11-29: CVE number assigned
2018-12-03: Vulnerability reported to manufacturer
2018-12-20: Security patch was released from the vendor
2019-01-11: Public release of the security advisory
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
References:
[1] Product web site
https://www.netbiter.com/support/file-doc-downloads/netbiter-ws100
[2] HMS Security Advisory Report HMSSAR-2018-12-04-001
https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2018-12-04-001-ec150-ec250-lc310-lc350-ws100-ws200-cve-2018-19694.pdf
[3] SySS Security Advisory SYSS-2018-042
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-042.txt
[4] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Credits:
This security vulnerability was found by Micha Borrmann of SySS GmbH.
E-Mail: micha.borrmann (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Micha_Borrmann.asc
Key Fingerprint: F2E7 C6A5 9950 84ED 7AD6 0DD4 EDBE 26E7 14EA 5876
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory
may be updated in order to provide as accurate information as
possible. The latest version of this security advisory is available on
the SySS Web site.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Copyright:
Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE8ufGpZlQhO161g3U7b4m5xTqWHYFAlw4ozcACgkQ7b4m5xTq
WHbO4g//eCR/3uDF5Kr8G5Iybj8SkDbZVtkvvgX6E4NWKUEYC43F2buLtDqeei7k
CiELScdzz7n0SDhmbZLG9NT5Luo9Uu62bDfVejm9c6zLug0VftvX280HyPK51oxf
c3lX7mo5ZClq+Uj0UW/Pr4yZHhTEipySpRAOa1IM2VQqSN2tGThD/IOycZa3FmaL
qk5h+H+hIZKBhFGuowFhNULouP076l6ib66K/v6yXTO6BkcHNiHToUAWkoRuQ0rB
LEikXeAZqmv7DfKRwLhGJWzga4YDOQN0BCoVDtEzgpgf3ogyvwNMKnq5WxylfLn/
T2q8w4jvCmoPtQPRtW1IHGloMngso9O1bXBKzLAbS4EP/RJYzI8iazKVr7x9gpv0
7bw9+lQ9McMLLAiGgkJgMcWOjtaZpB+T5XegVbTjk/4g3kP6XCY8ZA4cvqxQ/QM5
4X5m5bk48ZW/agIqB+a8LzQdtQhFhITZ62eLO13Qmq7vEdIhTx6I1LmIIcICelyQ
pY0aRtMcXePGZOSiO/gqO50L1giA4BjwUOtSekvpt0XP/D4thruUajEK+4hnvazP
eX9bzseBj5gkaYGEBkj3adKK/AK9GALCwhj4UMvSlUA7uhMRUDZxErCZwUrVt9xB
TM0wQddZ5TFCWy22WONVd2+I53WqU+FZbP/Ygv+S0o22nHM++4E=
=TBoG
-----END PGP SIGNATURE-----
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Jan 2019 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.0051