Details of VAR-201905-1042

ID

VAR-201905-1042

CVE

CVE-2018-7834

TITLE

Schneider Electric TSXETG100 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-15524 // CNNVD: CNNVD-201905-914

DESCRIPTION

A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an attacker to send a specially crafted URL with an embedded script to a user that would then be executed within the context of that user. TSXETG100 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. SchneiderElectricTSXETG100 is an Ethernet gateway device from Schneider Electric, France. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code

Trust: 2.25

sources: NVD: CVE-2018-7834 // JVNDB: JVNDB-2018-015488 // CNVD: CNVD-2019-15524 // VULHUB: VHN-137866

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-15524

AFFECTED PRODUCTS

vendor:	schneider electric	model:	tsxetg100	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	connexium tsxetg100 gateway	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric tsxetg100	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-15524 // JVNDB: JVNDB-2018-015488 // NVD: CVE-2018-7834

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7834
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7834
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-15524
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-914
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-137866
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7834
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-15524
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137866
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7834
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-15524 // VULHUB: VHN-137866 // JVNDB: JVNDB-2018-015488 // CNNVD: CNNVD-201905-914 // NVD: CVE-2018-7834

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-137866 // JVNDB: JVNDB-2018-015488 // NVD: CVE-2018-7834

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-914

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201905-914

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015488

PATCH

title:

SEVD-2019-134-07

url:

https://www.schneider-electric.com/en/download/document/SEVD-2019-134-07/

Trust: 0.8

sources: JVNDB: JVNDB-2018-015488

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7834	Trust: 3.1
db:	SCHNEIDER	id:	SEVD-2019-134-07	Trust: 2.3
db:	JVNDB	id:	JVNDB-2018-015488	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-914	Trust: 0.7
db:	CNVD	id:	CNVD-2019-15524	Trust: 0.6
db:	VULHUB	id:	VHN-137866	Trust: 0.1

sources: CNVD: CNVD-2019-15524 // VULHUB: VHN-137866 // JVNDB: JVNDB-2018-015488 // CNNVD: CNNVD-201905-914 // NVD: CVE-2018-7834

REFERENCES

url:	https://www.schneider-electric.com/en/download/document/sevd-2019-134-07/	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7834	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7834	Trust: 0.8

sources: CNVD: CNVD-2019-15524 // VULHUB: VHN-137866 // JVNDB: JVNDB-2018-015488 // CNNVD: CNNVD-201905-914 // NVD: CVE-2018-7834

SOURCES

db:	CNVD	id:	CNVD-2019-15524
db:	VULHUB	id:	VHN-137866
db:	JVNDB	id:	JVNDB-2018-015488
db:	CNNVD	id:	CNNVD-201905-914
db:	NVD	id:	CVE-2018-7834

LAST UPDATE DATE

2024-11-23T23:11:52.467000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-15524	date:	2019-05-28T00:00:00
db:	VULHUB	id:	VHN-137866	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-015488	date:	2019-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-914	date:	2019-05-24T00:00:00
db:	NVD	id:	CVE-2018-7834	date:	2024-11-21T04:12:50.817

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-15524	date:	2019-05-28T00:00:00
db:	VULHUB	id:	VHN-137866	date:	2019-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-015488	date:	2019-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-914	date:	2019-05-22T00:00:00
db:	NVD	id:	CVE-2018-7834	date:	2019-05-22T20:29:01.370