Vulnerability Description
In Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4, a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code into some web pages, affecting confidentiality.
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tridium | Niagara | < 4.4.93.40.2 |
| Tridium | Niagara Ax Framework | < 3.8.401.1 |
| Tridium | Niagara Enterprise Security | < 2.3.118.6 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106530 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2018-18985?
CVE-2018-18985 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all ve...
How severe is CVE-2018-18985?
CVE-2018-18985 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-18985?
Check the references section above for vendor advisories and patch information. Affected products include: Tridium Niagara, Tridium Niagara Ax Framework, Tridium Niagara Enterprise Security.