vulnrichment
CERTVDE
VULNRICHMENT:CVE-2024-38501
History: Aug 13, 2024 - 12:33 p.m.

CVE-2024-38501 Pepperl+Fuchs: Device Master ICDM-RX/* XSS vulnerability allows HTML injection

2024-08-13 12:33:00
CWE-79
CERTVDE
github.com
5
cve-2024-38501; pepperl+fuchs; device; html injection; vulnerability; remote attacker; malicious code; low-privileged access

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 7.5
Confidence: Low

EPSS: 0.001
Percentile: 17.7%

SSVC

Exploitation: none
Automatable: no
Technical Impact: partial

An unauthenticated remote attacker may use an HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.

CNA Affected

[
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-DB9/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-ST/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-4DB9/2RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-DB9/RJ45-PM",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-2DB9/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-2ST/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-4DB9/2RJ45-PM",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-8DB9/2RJ45-PM",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-16RJ45/RJ45-RM",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-16DB9/RJ45-RM",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-32RJ45/RJ45-RM",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-DB9/RJ45-PM2",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/TCP-16RJ45/2RJ45-PM",
    "versions": [
      {
        "status": "affected",
        "version": "SocketServer",
        "versionType": "semver",
        "lessThanOrEqual": "11.65"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/PN-DB9/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "PROFINET",
        "versionType": "semver",
        "lessThanOrEqual": "v3.4.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/PN-ST/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "PROFINET",
        "versionType": "semver",
        "lessThanOrEqual": "v3.4.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/PN-4DB9/2RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "PROFINET",
        "versionType": "semver",
        "lessThanOrEqual": "v3.4.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/PN-DB9/RJ45-PM",
    "versions": [
      {
        "status": "affected",
        "version": "PROFINET",
        "versionType": "semver",
        "lessThanOrEqual": "v3.4.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/PN-2DB9/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "PROFINET",
        "versionType": "semver",
        "lessThanOrEqual": "v3.4.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/PN-2ST/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "PROFINET",
        "versionType": "semver",
        "lessThanOrEqual": "v3.4.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/PN1-DB9/RJ45-PM",
    "versions": [
      {
        "status": "affected",
        "version": "PROFINET/Modbus",
        "versionType": "semver",
        "lessThanOrEqual": "v1.0.7"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/PN1-DB9/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "PROFINET/Modbus",
        "versionType": "semver",
        "lessThanOrEqual": "v1.0.7"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/PN1-ST/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "PROFINET/Modbus",
        "versionType": "semver",
        "lessThanOrEqual": "v1.0.7"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/PN1-2DB9/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "PROFINET/Modbus",
        "versionType": "semver",
        "lessThanOrEqual": "v1.0.7"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/PN1-4DB9/2RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "PROFINET/Modbus",
        "versionType": "semver",
        "lessThanOrEqual": "v1.0.7"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/PN1-2ST/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "PROFINET/Modbus",
        "versionType": "semver",
        "lessThanOrEqual": "v1.0.7"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/EN-DB9/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "EtherNet/IP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.22"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/EN-ST/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "EtherNet/IP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.22"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/EN-4DB9/2RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "EtherNet/IP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.22"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/EN-DB9/RJ45-PM",
    "versions": [
      {
        "status": "affected",
        "version": "EtherNet/IP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.22"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/EN-2DB9/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "EtherNet/IP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.22"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/EN-2ST/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "EtherNet/IP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.22"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/EN1-DB9/RJ45-PM",
    "versions": [
      {
        "status": "affected",
        "version": "EIP/Modbus",
        "versionType": "semver",
        "lessThanOrEqual": "v1.08"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/EN1-DB9/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "EIP/Modbus",
        "versionType": "semver",
        "lessThanOrEqual": "v1.08"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/EN1-ST/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "EIP/Modbus",
        "versionType": "semver",
        "lessThanOrEqual": "v1.08"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/EN1-2DB9/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "EIP/Modbus",
        "versionType": "semver",
        "lessThanOrEqual": "v1.08"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/EN1-4DB9/2RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "EIP/Modbus",
        "versionType": "semver",
        "lessThanOrEqual": "v1.08"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/EN1-2ST/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "EIP/Modbus",
        "versionType": "semver",
        "lessThanOrEqual": "v1.08"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/MOD-DB9/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "Modbus Router",
        "versionType": "semver",
        "lessThanOrEqual": "v7.09"
      },
      {
        "status": "affected",
        "version": "Modbus Server",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      },
      {
        "status": "affected",
        "version": "Modbus TCP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/MOD-ST/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "Modbus Router",
        "versionType": "semver",
        "lessThanOrEqual": "v7.09"
      },
      {
        "status": "affected",
        "version": "Modbus Server",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      },
      {
        "status": "affected",
        "version": "Modbus TCP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/MOD-4DB9/2RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "Modbus Router",
        "versionType": "semver",
        "lessThanOrEqual": "v7.09"
      },
      {
        "status": "affected",
        "version": "Modbus Server",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      },
      {
        "status": "affected",
        "version": "Modbus TCP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/MOD-DB9/RJ45-PM",
    "versions": [
      {
        "status": "affected",
        "version": "Modbus Router",
        "versionType": "semver",
        "lessThanOrEqual": "v7.09"
      },
      {
        "status": "affected",
        "version": "Modbus Server",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      },
      {
        "status": "affected",
        "version": "Modbus TCP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/MOD-2DB9/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "Modbus Router",
        "versionType": "semver",
        "lessThanOrEqual": "v7.09"
      },
      {
        "status": "affected",
        "version": "Modbus Server",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      },
      {
        "status": "affected",
        "version": "Modbus TCP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/MOD-2ST/RJ45-DIN",
    "versions": [
      {
        "status": "affected",
        "version": "Modbus Router",
        "versionType": "semver",
        "lessThanOrEqual": "v7.09"
      },
      {
        "status": "affected",
        "version": "Modbus Server",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      },
      {
        "status": "affected",
        "version": "Modbus TCP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Pepperl+Fuchs",
    "product": "ICDM-RX/MOD-16RJ45/2RJ45-PM",
    "versions": [
      {
        "status": "affected",
        "version": "Modbus Router",
        "versionType": "semver",
        "lessThanOrEqual": "v7.09"
      },
      {
        "status": "affected",
        "version": "Modbus Server",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      },
      {
        "status": "affected",
        "version": "Modbus TCP",
        "versionType": "semver",
        "lessThanOrEqual": "v7.11"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
