CVE-2024-38501

An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.
References
Link Resource
https://cert.vde.com/en/advisories/VDE-2024-033 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:pepperl-fuchs:icdm-rx\/tcp_socketserver_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-16db9\/rj45-rm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-16rj45\/2rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-16rj45\/rj45-rm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-2db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-2st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-32rj45\/rj45-rm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-4db9\/2rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-4db9\/2rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-8db9\/2rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-db9\/rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-db9\/rj45-pm2:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-st\/rj45-din:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:pepperl-fuchs:profinet_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn-2db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn-2st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn-4db9\/2rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn-db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn-db9\/rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn-st\/rj45-din:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:pepperl-fuchs:profinet\/modbus_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn1-2db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn1-2st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn1-4db9\/2rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn1-db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn1-db9\/rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn1-st\/rj45-din:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:pepperl-fuchs:modbus_router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:pepperl-fuchs:modbus_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:pepperl-fuchs:modbus_tcp_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:pepperl-fuchs:icdm-rx\/mod-4db9\/2rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/mod-db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/mod-st\/rj45-din:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:pepperl-fuchs:ethernet\/ip_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:pepperl-fuchs:icdm-rx\/en-2db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en-2st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en-4db9\/2rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en-db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en-db9\/rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en-st\/rj45-din:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:pepperl-fuchs:eip\/modbus_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:pepperl-fuchs:icdm-rx\/en1-2db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en1-2st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en1-4db9\/2rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en1-db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en1-db9\/rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en1-st\/rj45-din:-:*:*:*:*:*:*:*

History

22 Aug 2024, 13:34

Type Values Removed Values Added
Summary
  • (es) Un atacante remoto no autenticado puede utilizar una vulnerabilidad de inyección de HTML con una longitud limitada para inyectar código HTML malicioso y obtener acceso con pocos privilegios en el dispositivo afectado.
CPE cpe:2.3:h:pepperl-fuchs:icdm-rx\/en-2db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-4db9\/2rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en1-2st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en1-db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn-2st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn-4db9\/2rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:o:pepperl-fuchs:eip\/modbus_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-db9\/rj45-pm2:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn1-db9\/rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en-st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn1-2db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en-db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-32rj45\/rj45-rm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-8db9\/2rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn-db9\/rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:o:pepperl-fuchs:profinet\/modbus_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en1-st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-4db9\/2rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:o:pepperl-fuchs:modbus_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-db9\/rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/mod-4db9\/2rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn-st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:o:pepperl-fuchs:profinet_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:pepperl-fuchs:modbus_tcp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:pepperl-fuchs:modbus_router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn-2db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-16rj45\/rj45-rm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn1-2st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en-2st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en-db9\/rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/mod-db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en1-4db9\/2rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:o:pepperl-fuchs:icdm-rx\/tcp_socketserver_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:pepperl-fuchs:ethernet\/ip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn-db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-16db9\/rj45-rm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en-4db9\/2rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-16rj45\/2rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn1-4db9\/2rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en1-2db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-2st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/en1-db9\/rj45-pm:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn1-db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/mod-st\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/tcp-2db9\/rj45-din:-:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icdm-rx\/pn1-st\/rj45-din:-:*:*:*:*:*:*:*
References () https://cert.vde.com/en/advisories/VDE-2024-033 - () https://cert.vde.com/en/advisories/VDE-2024-033 - Third Party Advisory
First Time Pepperl-fuchs icdm-rx\/en-2st\/rj45-din
Pepperl-fuchs icdm-rx\/tcp-st\/rj45-din
Pepperl-fuchs icdm-rx\/pn1-db9\/rj45-pm
Pepperl-fuchs icdm-rx\/pn1-st\/rj45-din
Pepperl-fuchs icdm-rx\/tcp-4db9\/2rj45-pm
Pepperl-fuchs modbus Router Firmware
Pepperl-fuchs icdm-rx\/en1-db9\/rj45-pm
Pepperl-fuchs icdm-rx\/mod-4db9\/2rj45-din
Pepperl-fuchs icdm-rx\/pn1-2st\/rj45-din
Pepperl-fuchs modbus Tcp Firmware
Pepperl-fuchs icdm-rx\/pn-st\/rj45-din
Pepperl-fuchs icdm-rx\/tcp-16rj45\/rj45-rm
Pepperl-fuchs profinet\/modbus Firmware
Pepperl-fuchs icdm-rx\/mod-db9\/rj45-din
Pepperl-fuchs icdm-rx\/pn1-db9\/rj45-din
Pepperl-fuchs icdm-rx\/tcp-db9\/rj45-pm
Pepperl-fuchs icdm-rx\/en1-db9\/rj45-din
Pepperl-fuchs icdm-rx\/pn-2db9\/rj45-din
Pepperl-fuchs
Pepperl-fuchs modbus Server Firmware
Pepperl-fuchs icdm-rx\/en-2db9\/rj45-din
Pepperl-fuchs profinet Firmware
Pepperl-fuchs icdm-rx\/tcp-4db9\/2rj45-din
Pepperl-fuchs icdm-rx\/pn-4db9\/2rj45-din
Pepperl-fuchs icdm-rx\/tcp-16rj45\/2rj45-pm
Pepperl-fuchs icdm-rx\/en-st\/rj45-din
Pepperl-fuchs icdm-rx\/en1-2st\/rj45-din
Pepperl-fuchs icdm-rx\/en-4db9\/2rj45-din
Pepperl-fuchs icdm-rx\/en-db9\/rj45-pm
Pepperl-fuchs icdm-rx\/tcp-2st\/rj45-din
Pepperl-fuchs icdm-rx\/pn-2st\/rj45-din
Pepperl-fuchs eip\/modbus Firmware
Pepperl-fuchs icdm-rx\/tcp-db9\/rj45-pm2
Pepperl-fuchs icdm-rx\/tcp Socketserver Firmware
Pepperl-fuchs icdm-rx\/pn1-2db9\/rj45-din
Pepperl-fuchs icdm-rx\/tcp-32rj45\/rj45-rm
Pepperl-fuchs icdm-rx\/mod-st\/rj45-din
Pepperl-fuchs icdm-rx\/en1-2db9\/rj45-din
Pepperl-fuchs icdm-rx\/tcp-16db9\/rj45-rm
Pepperl-fuchs icdm-rx\/en1-st\/rj45-din
Pepperl-fuchs icdm-rx\/pn-db9\/rj45-din
Pepperl-fuchs icdm-rx\/en-db9\/rj45-din
Pepperl-fuchs icdm-rx\/tcp-db9\/rj45-din
Pepperl-fuchs icdm-rx\/en1-4db9\/2rj45-din
Pepperl-fuchs icdm-rx\/tcp-8db9\/2rj45-pm
Pepperl-fuchs ethernet\/ip Firmware
Pepperl-fuchs icdm-rx\/pn1-4db9\/2rj45-din
Pepperl-fuchs icdm-rx\/pn-db9\/rj45-pm
Pepperl-fuchs icdm-rx\/tcp-2db9\/rj45-din

13 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 13:15

Updated : 2024-08-22 13:34


NVD link : CVE-2024-38501

Mitre link : CVE-2024-38501

CVE.ORG link : CVE-2024-38501


JSON object : View

Products Affected

pepperl-fuchs

  • eip\/modbus_firmware
  • icdm-rx\/tcp-2db9\/rj45-din
  • icdm-rx\/tcp-2st\/rj45-din
  • icdm-rx\/tcp-32rj45\/rj45-rm
  • modbus_router_firmware
  • icdm-rx\/tcp-16db9\/rj45-rm
  • icdm-rx\/en-db9\/rj45-din
  • icdm-rx\/pn-2st\/rj45-din
  • icdm-rx\/en-st\/rj45-din
  • icdm-rx\/en1-st\/rj45-din
  • icdm-rx\/en-2db9\/rj45-din
  • icdm-rx\/pn1-st\/rj45-din
  • icdm-rx\/pn1-db9\/rj45-din
  • icdm-rx\/mod-st\/rj45-din
  • icdm-rx\/pn1-4db9\/2rj45-din
  • icdm-rx\/pn-db9\/rj45-din
  • icdm-rx\/pn-st\/rj45-din
  • icdm-rx\/en-db9\/rj45-pm
  • icdm-rx\/en-2st\/rj45-din
  • icdm-rx\/pn-db9\/rj45-pm
  • icdm-rx\/en1-db9\/rj45-pm
  • icdm-rx\/tcp-4db9\/2rj45-din
  • icdm-rx\/tcp-db9\/rj45-pm
  • icdm-rx\/en-4db9\/2rj45-din
  • modbus_server_firmware
  • icdm-rx\/mod-4db9\/2rj45-din
  • icdm-rx\/tcp-4db9\/2rj45-pm
  • modbus_tcp_firmware
  • icdm-rx\/tcp-16rj45\/2rj45-pm
  • icdm-rx\/en1-2db9\/rj45-din
  • icdm-rx\/pn1-2db9\/rj45-din
  • icdm-rx\/tcp-16rj45\/rj45-rm
  • icdm-rx\/pn-2db9\/rj45-din
  • icdm-rx\/pn-4db9\/2rj45-din
  • icdm-rx\/pn1-2st\/rj45-din
  • profinet\/modbus_firmware
  • profinet_firmware
  • icdm-rx\/mod-db9\/rj45-din
  • icdm-rx\/en1-4db9\/2rj45-din
  • icdm-rx\/tcp-st\/rj45-din
  • icdm-rx\/en1-2st\/rj45-din
  • icdm-rx\/tcp_socketserver_firmware
  • icdm-rx\/tcp-db9\/rj45-din
  • icdm-rx\/en1-db9\/rj45-din
  • ethernet\/ip_firmware
  • icdm-rx\/pn1-db9\/rj45-pm
  • icdm-rx\/tcp-8db9\/2rj45-pm
  • icdm-rx\/tcp-db9\/rj45-pm2
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')