Sign-up

ID

VAR-201205-0119


CVE

CVE-2012-1990


TITLE

Schneider Electric Kerweb and Kerwin Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2012-002507

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields. (1) kw.dll of evts.xml In action evtvariablename Parameters (2) Unspecified search field (3) Unspecified content display field. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The kw.dll provided by Schneider Electric Telecontrol Kerwin/Kerweb fails to properly filter the 'evtvariablename' parameter, etc., and an attacker can exploit the vulnerability for HTML injection attacks, build malicious WEB pages, entice users to parse, obtain sensitive information or hijack user sessions. Multiple Schneider Electric Telecontrol products are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied data before it is used in dynamic content. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible. The following products are affected: Schneider Electric Telecontrol Kerweb versions prior to 3.0.1 Schneider Electric Telecontrol Kerwin versions prior to 6.0.1. Thus, the web application suffers from multiple reflected XSS vulnerabilities. Exploitation is made easier as parameters are passed with GET HTTP method. Example: An URL can be forged by injecting code in one of the parameter, like 'evtvariablename' here: http://<server>/kw.dll?page=evts.xml&sessionid=xxx&nomenu=&typeevtwin=alms&dt=&gtvariablevalue=&ltvariablevalue=&variablevalue=&nevariablevalue=&evtclass=&evtdevicezone=&evtdevicecountry=&evtdeviceregion=&evtstatustype=&evtseveritytype=&evtstatus=&evtseverity=&evtlevel=&gtdateapp=&ltdateapp=&gtdaterec=&ltdaterec=&evtvariablename="</script><script>alert(1)</script>"&evtdevicename=&evtnature=&evttype=&gtduration=&ltduration=&gtdurationvalue=&gtdurationwide=1&ltdurationvalue=&ltdurationwide=1 Vendor status: Vendor was contacted and a fix was released (with Kerweb 3.0.1 and Kerwin 6.0.1) Mitigation: Upgrade to Kerweb 3.0.1 and Kerwin 6.0.1 CVE: CVE-2012-1990 Timeline: 06/20/2011: vendor disclosure (ticket reference : KN10915) 07/22/2011: vendor response 09/01/2012: fix released 05/05/2012: public disclosure --- phocean . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Schneider Electric Kerwin Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA49041 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49041/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49041 RELEASE DATE: 2012-05-10 DISCUSS ADVISORY: http://secunia.com/advisories/49041/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49041/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49041 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: phocean has reported some vulnerabilities in Kerwin, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "evtvariablename" parameter to kw.dll is not properly sanitised before being returned to the user. 2) Certain input used for searching and displaying content is not properly sanitised before being returned to the user. SOLUTION: Reportedly fixed in version 6.0.1. PROVIDED AND/OR DISCOVERED BY: phocean ORIGINAL ADVISORY: http://www.phocean.net/2012/05/08/cve-2012-1990-kerwebkerwin-xss-vulnerabilities.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.88

sources: NVD: CVE-2012-1990 // JVNDB: JVNDB-2012-002507 // CNVD: CNVD-2012-2388 // BID: 53409 // IVD: d180bf94-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-55271 // PACKETSTORM: 112487 // PACKETSTORM: 112613

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: d180bf94-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-2388

AFFECTED PRODUCTS

vendor:schneider electricmodel:kerwinscope:lteversion:6.0

Trust: 1.0

vendor:schneider electricmodel:kerwebscope:lteversion:3.0

Trust: 1.0

vendor:schneidermodel:electric telecontrol kerwinscope:eqversion:6.0.0

Trust: 0.9

vendor:schneidermodel:electric telecontrol kerwebscope:eqversion:3.0.0

Trust: 0.9

vendor:schneider electricmodel:kerwebscope:ltversion:3.0.1

Trust: 0.8

vendor:schneider electricmodel:kerwinscope:ltversion:6.0.1

Trust: 0.8

vendor:schneider electricmodel:kerwebscope:eqversion:3.0

Trust: 0.6

vendor:schneider electricmodel:kerwinscope:eqversion:6.0

Trust: 0.6

vendor:schneidermodel:electric telecontrol kerwinscope:neversion:6.0.1

Trust: 0.3

vendor:schneidermodel:electric telecontrol kerwebscope:neversion:3.0.1

Trust: 0.3

vendor:kerwebmodel: - scope:eqversion:*

Trust: 0.2

vendor:kerwinmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: d180bf94-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-2388 // BID: 53409 // JVNDB: JVNDB-2012-002507 // CNNVD: CNNVD-201205-392 // NVD: CVE-2012-1990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1990
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1990
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201205-392
value: MEDIUM

Trust: 0.6

IVD: d180bf94-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-55271
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-1990
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: d180bf94-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-55271
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: d180bf94-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-55271 // JVNDB: JVNDB-2012-002507 // CNNVD: CNNVD-201205-392 // NVD: CVE-2012-1990

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-55271 // JVNDB: JVNDB-2012-002507 // NVD: CVE-2012-1990

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-392

TYPE

xss

Trust: 0.8

sources: PACKETSTORM: 112487 // PACKETSTORM: 112613 // CNNVD: CNNVD-201205-392

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-002507

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-55271

PATCH
title:Top Pageurl:http://www.schneider-electric.com/
Trust: 0.8
title:Kerwinurl:http://www2.schneider-electric.com/sites/corporate/en/products-services/energy-distribution/products-offer/range-presentation.page?c_filepath=/templatedata/Offer_Presentation/3_Range_Datasheet/data/en/shared/energy_distribution/kerwin.xml&p_range_id=60155
Trust: 0.8
title:γ‚΅γƒγƒΌγƒˆurl:http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page
Trust: 0.8
title:Top Pageurl:http://www.schneider-electric.com/site/home/index.cfm/jp/
Trust: 0.8
title:Schneider Electric Telecontrol product 'kw.dll' HTML injection vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/16731
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-2388 // 
            
            
            
            JVNDB: JVNDB-2012-002507

EXTERNAL IDS
db:NVDid:CVE-2012-1990
Trust: 3.8
db:BIDid:53409
Trust: 1.4
db:SECUNIAid:49041
Trust: 1.3
db:CNNVDid:CNNVD-201205-392
Trust: 0.9
db:CNVDid:CNVD-2012-2388
Trust: 0.8
db:JVNDBid:JVNDB-2012-002507
Trust: 0.8
db:IVDid:D180BF94-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:PACKETSTORMid:112487
Trust: 0.2
db:EXPLOIT-DBid:37137
Trust: 0.1
db:VULHUBid:VHN-55271
Trust: 0.1
db:PACKETSTORMid:112613
Trust: 0.1
sources:
            
            
            IVD: d180bf94-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2012-2388 // 
            
            
            
            VULHUB: VHN-55271 // 
            
            
            
            BID: 53409 // 
            
            
            
            JVNDB: JVNDB-2012-002507 // 
            
            
            
            PACKETSTORM: 112487 // 
            
            
            
            PACKETSTORM: 112613 // 
            
            
            
            CNNVD: CNNVD-201205-392 // 
            
            
            
            NVD: CVE-2012-1990

REFERENCES
url:http://www.phocean.net/2012/05/08/cve-2012-1990-kerwebkerwin-xss-vulnerabilities.html
Trust: 1.8
url:http://www.securityfocus.com/bid/53409
Trust: 1.1
url:http://secunia.com/advisories/49041
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1990
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1990
Trust: 0.8
url:http://seclists.org/fulldisclosure/2012/may/43
Trust: 0.6
url:http://kerweb.software.informer.com/
Trust: 0.3
url:http://kerwin.software.informer.com/
Trust: 0.3
url:http://<server>/kw.dll?page=evts.xml&sessionid=xxx&nomenu=&typeevtwin=alms&dt=&gtvariablevalue=&ltvariablevalue=&variablevalue=&nevariablevalue=&evtclass=&evtdevicezone=&evtdevicecountry=&evtdeviceregion=&evtstatustype=&evtseveritytype=&evtstatus=&evtseverity=&evtlevel=&gtdateapp=&ltdateapp=&gtdaterec=&ltdaterec=&evtvariablename="</script><script>alert(1)</script>"&evtdevicename=&evtnature=&evttype=&gtduration=&ltduration=&gtdurationvalue=&gtdurationwide=1&ltdurationvalue=&ltdurationwide=1
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-1990
Trust: 0.1
url:http://secunia.com/psi_30_beta_launch
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/49041/#comments
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=49041
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/49041/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-2388 // 
            
            
            
            VULHUB: VHN-55271 // 
            
            
            
            BID: 53409 // 
            
            
            
            JVNDB: JVNDB-2012-002507 // 
            
            
            
            PACKETSTORM: 112487 // 
            
            
            
            PACKETSTORM: 112613 // 
            
            
            
            CNNVD: CNNVD-201205-392 // 
            
            
            
            NVD: CVE-2012-1990

CREDITS
phocean
Trust: 0.4
sources:
            
            
            BID: 53409 // 
            
            
            
            PACKETSTORM: 112487

SOURCES
db:IVDid:d180bf94-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-2388
db:VULHUBid:VHN-55271
db:BIDid:53409
db:JVNDBid:JVNDB-2012-002507
db:PACKETSTORMid:112487
db:PACKETSTORMid:112613
db:CNNVDid:CNNVD-201205-392
db:NVDid:CVE-2012-1990

LAST UPDATE DATE
2025-04-11T23:12:57.771000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-2388date:2012-05-09T00:00:00
db:VULHUBid:VHN-55271date:2013-05-15T00:00:00
db:BIDid:53409date:2012-05-06T00:00:00
db:JVNDBid:JVNDB-2012-002507date:2012-05-24T00:00:00
db:CNNVDid:CNNVD-201205-392date:2012-05-23T00:00:00
db:NVDid:CVE-2012-1990date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:d180bf94-2353-11e6-abef-000c29c66e3ddate:2012-05-09T00:00:00
db:CNVDid:CNVD-2012-2388date:2012-05-09T00:00:00
db:VULHUBid:VHN-55271date:2012-05-22T00:00:00
db:BIDid:53409date:2012-05-06T00:00:00
db:JVNDBid:JVNDB-2012-002507date:2012-05-24T00:00:00
db:PACKETSTORMid:112487date:2012-05-06T02:20:00
db:PACKETSTORMid:112613date:2012-05-10T06:23:23
db:CNNVDid:CNNVD-201205-392date:2012-05-23T00:00:00
db:NVDid:CVE-2012-1990date:2012-05-22T16:55:01.180