Vulnerability CVE-2018-19694

Vulnerability CVE-2018-19694

Published: 2019-03-21

Description:

HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.

See advisories in our WLB2 database:

	Topic	Author	Date
Low	HMS Netbiter WS100 3.30.5 Cross Site Scripting	Micha Borrmann	14.01.2019

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Hms-networks -> Netbiter ec150 firmware
Hms-networks -> Netbiter ec250 firmware
Hms-networks -> Netbiter lc310 firmware
Hms-networks -> Netbiter lc310 thingworx firmware
Hms-networks -> Netbiter lc350 firmware
Hms-networks -> Netbiter lc350 thingworx firmware
Hms-networks -> Netbiter ws100 firmware
Hms-networks -> Netbiter ws200 firmware

References:

http://packetstormsecurity.com/files/151119/HMS-Netbiter-WS100-3.30.5-Cross-Site-Scripting.html

https://seclists.org/bugtraq/2019/Jan/9

https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2018-12-04-001-ec150-ec250-lc310-lc350-ws100-ws200-cve-2018-19694.pdf

https://www.netbiter.com/products

Vulnerability CVE-2018-19694

HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.

See advisories in our WLB2 database:

Low

HMS Netbiter WS100 3.30.5 Cross Site Scripting

CWE-79

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

4.3/10

2.9/10

8.6/10

Remote

Medium

No required

None

Partial

None

Affected software

References: