Vulnerability Description
Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Omron | Ns Series System Program Firmware | 8.1 |
| Omron | Ns10 Hmi Terminal | - |
| Omron | Ns12 Hmi Terminal | - |
| Omron | Ns15 Hmi Terminal | - |
| Omron | Ns5 Hmi Terminal | - |
| Omron | Ns8 Hmi Terminal | - |
Related Weaknesses (CWE)
References
- https://automation.omron.com/en/us/products/
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-203-01
- http://ics-cert.us-cert.gov/advisories/ICSA-14-203-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/68836
FAQ
What is CVE-2014-2370?
CVE-2014-2370 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web scri...
How severe is CVE-2014-2370?
CVE-2014-2370 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2370?
Check the references section above for vendor advisories and patch information. Affected products include: Omron Ns Series System Program Firmware, Omron Ns10 Hmi Terminal, Omron Ns12 Hmi Terminal, Omron Ns15 Hmi Terminal, Omron Ns5 Hmi Terminal.