HMS Industrial Networks
Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by host browser the next time the page is loaded, enabling social engineering attacks.
References
Link | Resource |
---|---|
https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-05-17-001---anybus---compactcom-30-xss.pdf | Mitigation Vendor Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-20 | Third Party Advisory US Government Resource |
https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-05-17-001---anybus---compactcom-30-xss.pdf | Mitigation Vendor Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-20 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 09:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.3 |
References | () https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-05-17-001---anybus---compactcom-30-xss.pdf - Mitigation, Vendor Advisory | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-20 - Third Party Advisory, US Government Resource |
13 Aug 2024, 13:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:hms-networks:anybus_compactcom_30_module_usb_without_housing:-:*:*:*:*:*:*:* cpe:2.3:h:hms-networks:anybus_compactcom_30_module_ethernet\/ip:-:*:*:*:*:*:*:* cpe:2.3:o:hms-networks:anybus_compactcom_30_module_ethernet\/ip_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:hms-networks:anybus_compactcom_30_module_usb_without_housing_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Hms-networks anybus Compactcom 30 Module Ethernet\/ip Firmware
Hms-networks anybus Compactcom 30 Module Ethernet\/ip Hms-networks Hms-networks anybus Compactcom 30 Module Usb Without Housing Firmware Hms-networks anybus Compactcom 30 Module Usb Without Housing |
|
References | () https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-05-17-001---anybus---compactcom-30-xss.pdf - Mitigation, Vendor Advisory | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-20 - Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
26 Jul 2024, 12:38
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Jul 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-25 20:15
Updated : 2024-11-21 09:49
NVD link : CVE-2024-6558
Mitre link : CVE-2024-6558
CVE.ORG link : CVE-2024-6558
JSON object : View
Products Affected
hms-networks
- anybus_compactcom_30_module_usb_without_housing_firmware
- anybus_compactcom_30_module_ethernet\/ip_firmware
- anybus_compactcom_30_module_ethernet\/ip
- anybus_compactcom_30_module_usb_without_housing
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')