CVE-2018-19694 — MEDIUM (6.1)

Q: What is CVE-2018-19694?

CVE-2018-19694 is a vulnerability with a CVSS score of 6.1 (MEDIUM). HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.

Q: How severe is CVE-2018-19694?

CVE-2018-19694 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-19694?

Check the references section above for vendor advisories and patch information. Affected products include: Hms-Networks Netbiter Ws100 Firmware, Hms-Networks Netbiter Ws100, Hms-Networks Netbiter Ws200 Firmware, Hms-Networks Netbiter Ws200, Hms-Networks Netbiter Ec150 Firmware.

Vulnerability Description

HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Hms-Networks	Netbiter Ws100 Firmware	<= 3.30.5
Hms-Networks	Netbiter Ws100	-
Hms-Networks	Netbiter Ws200 Firmware	<= 3.30.4
Hms-Networks	Netbiter Ws200	-
Hms-Networks	Netbiter Ec150 Firmware	<= 1.40.0
Hms-Networks	Netbiter Ec150	-
Hms-Networks	Netbiter Ec250 Firmware	<= 1.40.0
Hms-Networks	Netbiter Ec250	-
Hms-Networks	Netbiter Lc310 Firmware	<= 3.30.5
Hms-Networks	Netbiter Lc310	-
Hms-Networks	Netbiter Lc310 Thingworx Firmware	<= 2.00.07
Hms-Networks	Netbiter Lc310 Thingworx	-
Hms-Networks	Netbiter Lc350 Firmware	<= 2.00.07
Hms-Networks	Netbiter Lc350	-
Hms-Networks	Netbiter Lc350 Thingworx Firmware	<= 2.00.07
Hms-Networks	Netbiter Lc350 Thingworx	-

Related Weaknesses (CWE)

CWE-79

References

http://packetstormsecurity.com/files/151119/HMS-Netbiter-WS100-3.30.5-Cross-SiteExploitThird Party AdvisoryVDB Entry
https://seclists.org/bugtraq/2019/Jan/9ExploitMailing ListThird Party Advisory
https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-PatchVendor Advisory
https://www.netbiter.com/productsProductThird Party Advisory
http://packetstormsecurity.com/files/151119/HMS-Netbiter-WS100-3.30.5-Cross-SiteExploitThird Party AdvisoryVDB Entry
https://seclists.org/bugtraq/2019/Jan/9ExploitMailing ListThird Party Advisory
https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-PatchVendor Advisory
https://www.netbiter.com/productsProductThird Party Advisory

FAQ

What is CVE-2018-19694?

CVE-2018-19694 is a vulnerability with a CVSS score of 6.1 (MEDIUM). HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.

How severe is CVE-2018-19694?

CVE-2018-19694 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-19694?

Check the references section above for vendor advisories and patch information. Affected products include: Hms-Networks Netbiter Ws100 Firmware, Hms-Networks Netbiter Ws100, Hms-Networks Netbiter Ws200 Firmware, Hms-Networks Netbiter Ws200, Hms-Networks Netbiter Ec150 Firmware.