Vulnerability Monitor

CVE-2018-18985


In Tridium Niagara Enterprise Security 2.3u1 (all versions prior to 2.3.118.6), Niagara AX 3.8u4 (all versions prior to 3.8.401.1), Niagara 4.4u2 (all versions prior to 4.4.93.40.2), and Niagara 4.6 (all versions prior to 4.6.96.28.4), a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code into some web pages, affecting confidentiality.


Published

2019-01-29T16:29:00.483

Last Modified

2024-11-21T03:56:59.257

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-79
  • Type: Primary
    CWE-79

Affected Vendors & Products
Type         Vendor   Product                      Version/Range  Vulnerable?
Application  tridium  niagara                      < 4.4.93.40.2  Yes
Application  tridium  niagara                      < 4.6.96.28.4  Yes
Application  tridium  niagara                      4.4u2          Yes
Application  tridium  niagara_ax_framework         < 3.8.401.1    Yes
Application  tridium  niagara_ax_framework         3.8u4          Yes
Application  tridium  niagara_enterprise_security  < 2.3.118.6    Yes
Application  tridium  niagara_enterprise_security  2.3u1          Yes