All the vulnerabilites related to ControlByWeb - X-301-24I
cve-2023-6333
Vulnerability from cvelistv5
Published
2023-12-07 18:08
Modified
2024-08-02 08:28
Severity ?
EPSS score ?
Summary
Cross-site Scripting in ControlByWeb Relays
References
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-05 | government-resource |
Impacted products
▼ | Vendor | Product |
---|---|---|
ControlByWeb | X-332-24I | |
ControlByWeb | X-301-I | |
ControlByWeb | X-301-24I |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:28:21.197Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "government-resource", "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-05" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "X-332-24I", "vendor": "ControlByWeb", "versions": [ { "status": "affected", "version": "Firmware 1.06" } ] }, { "defaultStatus": "unaffected", "product": "X-301-I", "vendor": "ControlByWeb", "versions": [ { "status": "affected", "version": "Firmware 1.15" } ] }, { "defaultStatus": "unaffected", "product": "X-301-24I", "vendor": "ControlByWeb", "versions": [ { "status": "affected", "version": "Firmware 1.15" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Prajitesh Singh of Cyble" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cp\u003eThe affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user\u0027s session.\u003c/p\u003e\u003cbr\u003e\n\n" } ], "value": "\nThe affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user\u0027s session.\n\n\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-07T18:08:04.324Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "government-resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-05" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cp\u003eControlByWeb recommends users update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://controlbyweb.com/firmware/X301_v1.20_firmware.zip\"\u003eX301 V1.20\u003c/a\u003e.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://controlbyweb.com/firmware/X332_v1.09_firmware.zip\"\u003eX332 V1.09\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e" } ], "value": "\nControlByWeb recommends users update to the following versions:\n\n * X301 V1.20 https://controlbyweb.com/firmware/X301_v1.20_firmware.zip .\n * X332 V1.09 https://controlbyweb.com/firmware/X332_v1.09_firmware.zip .\n\n\n\n\n\n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Cross-site Scripting in ControlByWeb Relays", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-6333", "datePublished": "2023-12-07T18:08:04.324Z", "dateReserved": "2023-11-27T16:35:14.892Z", "dateUpdated": "2024-08-02T08:28:21.197Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }