CVE-2019-6528

EPSS 0.88%
Veröffentlicht 05.03.2019 20:29:00
Zuletzt bearbeitet 21.11.2024 04:46:38
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway XS-MU Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway VM Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Smart Telecontrol Unit TCG Versions 5.0.27, 5.1.19, 6.0.16 and prior, and IEC104 Security Proxy Version 2.2.10 and prior The web application browser interprets input as active HTML, JavaScript, or VBScript, which could allow an attacker to execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Psigridconnect ≫ Telecontrol Gateway Xs-mu Firmware Version < 5.1.20

Psigridconnect ≫ Telecontrol Gateway Xs-mu Version-

Psigridconnect ≫ Telecontrol Gateway Xs-mu Firmware Version >= 5.1.21 <= 6.0.16

Psigridconnect ≫ Telecontrol Gateway Xs-mu Version-

Psigridconnect ≫ Telecontrol Gateway Vm Firmware Version < 5.1.20

Psigridconnect ≫ Telecontrol Gateway Vm Version-

Psigridconnect ≫ Telecontrol Gateway Vm Firmware Version >= 5.1.21 <= 6.0.16

Psigridconnect ≫ Telecontrol Gateway Vm Version-

Psigridconnect ≫ Telecontrol Gateway 3g Firmware Version < 5.1.20

Psigridconnect ≫ Telecontrol Gateway 3g Version-

Psigridconnect ≫ Telecontrol Gateway 3g Firmware Version >= 5.1.21 < 6.0.16

Psigridconnect ≫ Telecontrol Gateway 3g Version-

Psigridconnect ≫ Smart Telecontrol Unit Tcg Firmware Version < 5.1.20

Psigridconnect ≫ Smart Telecontrol Unit Tcg Version-

Psigridconnect ≫ Smart Telecontrol Unit Tcg Firmware Version >= 5.1.21 < 6.0.16

Psigridconnect ≫ Smart Telecontrol Unit Tcg Version-

Psigridconnect ≫ Iec104 Security Proxy Firmware Version <= 2.2.10

Psigridconnect ≫ Iec104 Security Proxy Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.88%	0.743

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securityfocus.com/bid/107201

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-19-059-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2019-6528

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6528

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6528

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-6528