HMS Industrial Networks
Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by host browser the next time the page is loaded, enabling social engineering attacks.
References
Link | Resource |
---|---|
https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-05-17-001---anybus---compactcom-30-xss.pdf | Mitigation Vendor Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-20 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
13 Aug 2024, 13:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:hms-networks:anybus_compactcom_30_module_usb_without_housing:-:*:*:*:*:*:*:* cpe:2.3:h:hms-networks:anybus_compactcom_30_module_ethernet\/ip:-:*:*:*:*:*:*:* cpe:2.3:o:hms-networks:anybus_compactcom_30_module_ethernet\/ip_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:hms-networks:anybus_compactcom_30_module_usb_without_housing_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Hms-networks anybus Compactcom 30 Module Ethernet\/ip Firmware
Hms-networks anybus Compactcom 30 Module Ethernet\/ip Hms-networks Hms-networks anybus Compactcom 30 Module Usb Without Housing Firmware Hms-networks anybus Compactcom 30 Module Usb Without Housing |
|
References | () https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-05-17-001---anybus---compactcom-30-xss.pdf - Mitigation, Vendor Advisory | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-20 - Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
26 Jul 2024, 12:38
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Jul 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-25 20:15
Updated : 2024-08-13 13:53
NVD link : CVE-2024-6558
Mitre link : CVE-2024-6558
CVE.ORG link : CVE-2024-6558
JSON object : View
Products Affected
hms-networks
- anybus_compactcom_30_module_ethernet\/ip
- anybus_compactcom_30_module_usb_without_housing_firmware
- anybus_compactcom_30_module_usb_without_housing
- anybus_compactcom_30_module_ethernet\/ip_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')