CVE Vulnerability

CVE-2018-18985

Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.

3.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/106530 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:tridium:niagara_enterprise_security:*:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:2.3u1:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:*:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:4.4u2:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:*:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_ax_framework:3.8u4:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_ax_framework:*:*:*:*:*:*:*:*
Information

Published : 2019-01-29 04:29

Updated : 2019-10-09 11:37

NVD link : CVE-2018-18985

Mitre link : CVE-2018-18985

Products Affected
No products.
CWE
CWE-79