ID

VAR-201408-0354


CVE

CVE-2014-5382


TITLE

Cross-site scripting vulnerability in the web interface of Schrack Technik microControl firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-003890

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors. Technik Microcontrol Firmware is prone to a cross-site scripting vulnerability. Schrack Technik microControl is a distributed power supply system (low power consumption system) from the Austrian company Schrack Technik.

Trust: 1.98

sources: NVD: CVE-2014-5382 // JVNDB: JVNDB-2014-003890 // BID: 80077 // VULHUB: VHN-73323

AFFECTED PRODUCTS

vendor: schrack // model: technik microcontrol // scope: eq // version: 1.7.0\(937\)

Trust: 1.6

vendor: schrack // model: technik microcontrol // scope: eq // version: -

Trust: 1.3

vendor: schrack // model: technik microcontrol // scope: - // version: -

Trust: 0.8

vendor: schrack // model: technik microcontrol // scope: eq // version: 1.7.0 (937)

Trust: 0.8

vendor: schrack // model: technik microcontrol // scope: eq // version: 1.7.0(937)

Trust: 0.3

sources: BID: 80077 // JVNDB: JVNDB-2014-003890 // CNNVD: CNNVD-201408-323 // NVD: CVE-2014-5382

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5382
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-5382
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201408-323
value: MEDIUM

Trust: 0.6

VULHUB: VHN-73323
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-5382
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-73323
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-73323 // JVNDB: JVNDB-2014-003890 // CNNVD: CNNVD-201408-323 // NVD: CVE-2014-5382

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-73323 // JVNDB: JVNDB-2014-003890 // NVD: CVE-2014-5382

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-323

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201408-323

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003890

PATCH

title: Schrack Technik Osterreich // url: http://www.schrack.at/shop/sicherheitsbeleuchtung.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-003890

EXTERNAL IDS

db: NVD // id: CVE-2014-5382

Trust: 2.8

db: JVNDB // id: JVNDB-2014-003890

Trust: 0.8

db: CNNVD // id: CNNVD-201408-323

Trust: 0.7

db: BID // id: 80077

Trust: 0.4

db: VULHUB // id: VHN-73323

Trust: 0.1

sources: VULHUB: VHN-73323 // BID: 80077 // JVNDB: JVNDB-2014-003890 // CNNVD: CNNVD-201408-323 // NVD: CVE-2014-5382

REFERENCES

url:https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_schrack_technik_microcontrol_multiple_critical_vulnerabilities_v10.txt

Trust: 2.8

url:http://seclists.org/fulldisclosure/2014/jul/40

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5382

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5382

Trust: 0.8

sources: VULHUB: VHN-73323 // BID: 80077 // JVNDB: JVNDB-2014-003890 // CNNVD: CNNVD-201408-323 // NVD: CVE-2014-5382

CREDITS

Unknown

Trust: 0.3

sources: BID: 80077

SOURCES

db: VULHUB // id: VHN-73323
db: BID // id: 80077
db: JVNDB // id: JVNDB-2014-003890
db: CNNVD // id: CNNVD-201408-323
db: NVD // id: CVE-2014-5382

LAST UPDATE DATE

2025-04-13T23:31:37.711000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-73323 // date: 2014-08-21T00:00:00
db: BID // id: 80077 // date: 2014-08-20T00:00:00
db: JVNDB // id: JVNDB-2014-003890 // date: 2014-08-22T00:00:00
db: CNNVD // id: CNNVD-201408-323 // date: 2014-08-21T00:00:00
db: NVD // id: CVE-2014-5382 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-73323 // date: 2014-08-20T00:00:00
db: BID // id: 80077 // date: 2014-08-20T00:00:00
db: JVNDB // id: JVNDB-2014-003890 // date: 2014-08-22T00:00:00
db: CNNVD // id: CNNVD-201408-323 // date: 2014-08-21T00:00:00
db: NVD // id: CVE-2014-5382 // date: 2014-08-20T14:55:06.203