CVE-2018-18985

Опубликовано: 29 янв. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.

Ссылки

http://www.securityfocus.com/bid/106530
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/106530
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tridium:niagara:*:*:*:*:*:*:*:*

Версия до 4.4.93.40.2 (исключая)

cpe:2.3:a:tridium:niagara:*:*:*:*:*:*:*:*

Версия от 4.6 (включая) до 4.6.96.28.4 (исключая)

cpe:2.3:a:tridium:niagara:4.4u2:*:*:*:*:*:*:*

cpe:2.3:a:tridium:niagara_ax_framework:*:*:*:*:*:*:*:*

Версия до 3.8.401.1 (исключая)

cpe:2.3:a:tridium:niagara_ax_framework:3.8u4:*:*:*:*:*:*:*

cpe:2.3:a:tridium:niagara_enterprise_security:*:*:*:*:*:*:*:*

Версия до 2.3.118.6 (исключая)

cpe:2.3:a:tridium:niagara_enterprise_security:2.3u1:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-76hj-25wr-pvgg