Vulnerability Description
The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the content is always displayed after and before login. Persistent XSS allows an attacker to modify displayed content or to change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rittal | Cmc Pu Iii 7030.000 Firmware | >= 3.11.00_2, <= 3.15.70_4 |
| Rittal | Cmc Pu Iii 7030.000 | >= 3.00, <= 6.01 |
Related Weaknesses (CWE)
References
- https://github.com/miguelhamal/CVE-2019-19393Third Party Advisory
- https://www.rittal.us/monitoring-security/cmc-iii.htmlBroken LinkVendor Advisory
- https://github.com/miguelhamal/CVE-2019-19393Third Party Advisory
- https://www.rittal.us/monitoring-security/cmc-iii.htmlBroken LinkVendor Advisory
FAQ
What is CVE-2019-19393?
CVE-2019-19393 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device ...
How severe is CVE-2019-19393?
CVE-2019-19393 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19393?
Check the references section above for vendor advisories and patch information. Affected products include: Rittal Cmc Pu Iii 7030.000 Firmware, Rittal Cmc Pu Iii 7030.000.