Details of VAR-201708-1643

ID

VAR-201708-1643

TITLE

Schneider Electric Pelco Sarix/Spectra Cameras Cross-Site Scripting Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-23310

DESCRIPTION

PelcoSarix/SpectraCameras is a camera. A cross-site scripting vulnerability exists in SchneiderElectricPelcoSarix/SpectraCameras. When passed to multiple scripts through multiple parameters, it is not properly filtered before being returned to the user. An attacker could exploit the script code in the user's browser session and the arbitrary HTML of the user in the context of the affected site.

Trust: 0.6

sources: CNVD: CNVD-2017-23310

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-23310

AFFECTED PRODUCTS

vendor:	schneider	model:	electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-23310

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-23310
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-23310
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-23310

EXTERNAL IDS

db:	EXPLOITALERT	id:	27105	Trust: 0.6
db:	CNVD	id:	CNVD-2017-23310	Trust: 0.6

sources: CNVD: CNVD-2017-23310

REFERENCES

url:

http://www.exploitalert.com/view-details.html?id=27105

Trust: 0.6

sources: CNVD: CNVD-2017-23310

SOURCES

db:

CNVD

id:

CNVD-2017-23310

LAST UPDATE DATE

2022-05-17T01:43:11.229000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-23310

date:

2017-08-28T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-23310

date:

2017-08-28T00:00:00