ID
VAR-202307-0595
CVE
CVE-2023-36386
TITLE
Cross-site scripting vulnerability in multiple Siemens products
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the get_elements parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments
Trust: 2.25
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | ruggedcom rox rx1501 | scope: | lt | version: | 2.16.0 | Trust: 1.0 |
| vendor: | siemens | model: | ruggedcom rox rx1524 | scope: | lt | version: | 2.16.0 | Trust: 1.0 |
| vendor: | siemens | model: | ruggedcom rox mx5000re | scope: | lt | version: | 2.16.0 | Trust: 1.0 |
| vendor: | siemens | model: | ruggedcom rox rx1511 | scope: | lt | version: | 2.16.0 | Trust: 1.0 |
| vendor: | siemens | model: | ruggedcom rox mx5000 | scope: | lt | version: | 2.16.0 | Trust: 1.0 |
| vendor: | siemens | model: | ruggedcom rox rx1500 | scope: | lt | version: | 2.16.0 | Trust: 1.0 |
| vendor: | siemens | model: | ruggedcom rox rx1536 | scope: | lt | version: | 2.16.0 | Trust: 1.0 |
| vendor: | siemens | model: | ruggedcom rox rx1400 | scope: | lt | version: | 2.16.0 | Trust: 1.0 |
| vendor: | siemens | model: | ruggedcom rox rx1512 | scope: | lt | version: | 2.16.0 | Trust: 1.0 |
| vendor: | siemens | model: | ruggedcom rox rx1510 | scope: | lt | version: | 2.16.0 | Trust: 1.0 |
| vendor: | siemens | model: | ruggedcom rox rx5000 | scope: | lt | version: | 2.16.0 | Trust: 1.0 |
| vendor: | シーメンス | model: | ruggedcom rox rx1500 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | ruggedcom rox rx1501 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | ruggedcom rox rx1524 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | ruggedcom rox rx5000 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | ruggedcom rox mx5000 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | ruggedcom rox rx1512 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | ruggedcom rox rx1510 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | ruggedcom rox rx1400 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | ruggedcom rox rx1511 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | ruggedcom rox mx5000re | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | ruggedcom rox rx1536 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | ruggedcom rox mx5000 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox mx5000re | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1400 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1500 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1501 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1510 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1511 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1512 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1524 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1536 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx5000 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.0 |
| problemtype: | Cross-site scripting (CWE-79) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
PATCH
| title: | Patch for Siemens RUGGEDCOM ROX cross-site scripting vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/440296 | Trust: 0.6 |
| title: | Siemens RUGGEDCOM ROX A series of products Fixes for cross-site scripting vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=246665 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-36386 | Trust: 3.9 |
| db: | SIEMENS | id: | SSA-146325 | Trust: 3.1 |
| db: | ICS CERT | id: | ICSA-23-194-01 | Trust: 0.8 |
| db: | JVN | id: | JVNVU95292697 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2023-021751 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2023-55711 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202307-743 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2023-36386 | Trust: 0.1 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf | Trust: 2.5 |
| url: | https://jvn.jp/vu/jvnvu95292697/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-36386 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01 | Trust: 0.8 |
| url: | https://cert-portal.siemens.com/productcert/html/ssa-146325.html | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2023-36386/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2023-55711 |
| db: | VULMON | id: | CVE-2023-36386 |
| db: | JVNDB | id: | JVNDB-2023-021751 |
| db: | CNNVD | id: | CNNVD-202307-743 |
| db: | NVD | id: | CVE-2023-36386 |
LAST UPDATE DATE
2024-08-14T12:59:01.598000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2023-55711 | date: | 2023-07-12T00:00:00 |
| db: | VULMON | id: | CVE-2023-36386 | date: | 2023-07-11T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-021751 | date: | 2024-01-19T08:08:00 |
| db: | CNNVD | id: | CNNVD-202307-743 | date: | 2023-07-19T00:00:00 |
| db: | NVD | id: | CVE-2023-36386 | date: | 2023-07-18T15:45:46.237 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2023-55711 | date: | 2023-07-12T00:00:00 |
| db: | VULMON | id: | CVE-2023-36386 | date: | 2023-07-11T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-021751 | date: | 2024-01-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-202307-743 | date: | 2023-07-11T00:00:00 |
| db: | NVD | id: | CVE-2023-36386 | date: | 2023-07-11T10:15:10.680 |