ID
VAR-201909-0864
CVE
CVE-2019-13923
TITLE
Siemens IE/WSN-PA Link WirelessHART Gateway Cross-Site Scripting Vulnerability
Trust: 0.8
sources:
IVD: 4a774231-21cb-486e-b391-9a0e6e02394c //
CNVD: CNVD-2019-31386
DESCRIPTION
A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. IE/WSN-PA Link WirelessHART Gateway Contains a cross-site scripting vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IE/WSN-PA Link is a gateway that connects a WirelessHART network to Industrial Ethernet. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code
Trust: 2.43
sources:
NVD: CVE-2019-13923 //
JVNDB: JVNDB-2019-009306 //
CNVD: CNVD-2019-31386 //
IVD: 4a774231-21cb-486e-b391-9a0e6e02394c //
VULHUB: VHN-145818
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS'] | sub_category: | - | Trust: 0.2 |
| category: | ['network device'] | sub_category: | gateway | Trust: 0.1 |
sources:
OTHER: None //
IVD: 4a774231-21cb-486e-b391-9a0e6e02394c //
CNVD: CNVD-2019-31386
AFFECTED PRODUCTS
| vendor: | siemens | model: | ie\/wsn-pa link wirelesshart gateway | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | ie/wsn-pa link wirelesshart gateway | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | ie/wsn-pa link | scope: | - | version: | - | Trust: 0.6 |
| vendor: | ie wsn pa link wirelesshart gateway | model: | - | scope: | eq | version: | * | Trust: 0.2 |
sources:
IVD: 4a774231-21cb-486e-b391-9a0e6e02394c //
CNVD: CNVD-2019-31386 //
JVNDB: JVNDB-2019-009306 //
NVD: CVE-2019-13923
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
IVD: 4a774231-21cb-486e-b391-9a0e6e02394c //
CNVD: CNVD-2019-31386 //
VULHUB: VHN-145818 //
JVNDB: JVNDB-2019-009306 //
CNNVD: CNNVD-201909-459 //
NVD: CVE-2019-13923
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.9 |
| problemtype: | CWE-80 | Trust: 1.0 |
sources:
VULHUB: VHN-145818 //
JVNDB: JVNDB-2019-009306 //
NVD: CVE-2019-13923
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201909-459
TYPE
XSS
Trust: 0.6
sources:
CNNVD: CNNVD-201909-459
CONFIGURATIONS
sources:
JVNDB: JVNDB-2019-009306
PATCH
| title: | SSA-191683 | url: | https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf | Trust: 0.8 |
| title: | Siemens IE/WSN-PA Link WirelessHART Gateway Cross-Site Scripting Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/180399 | Trust: 0.6 |
| title: | Siemens IE-WSN-PA Link WirelessHART Gateway Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98052 | Trust: 0.6 |
sources:
CNVD: CNVD-2019-31386 //
JVNDB: JVNDB-2019-009306 //
CNNVD: CNNVD-201909-459
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-13923 | Trust: 3.4 |
| db: | ICS CERT | id: | ICSA-19-253-04 | Trust: 3.1 |
| db: | SIEMENS | id: | SSA-191683 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-201909-459 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2019-31386 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2019-009306 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2019.3445 | Trust: 0.6 |
| db: | IVD | id: | 4A774231-21CB-486E-B391-9A0E6E02394C | Trust: 0.2 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
| db: | VULHUB | id: | VHN-145818 | Trust: 0.1 |
sources:
OTHER: None //
IVD: 4a774231-21cb-486e-b391-9a0e6e02394c //
CNVD: CNVD-2019-31386 //
VULHUB: VHN-145818 //
JVNDB: JVNDB-2019-009306 //
CNNVD: CNNVD-201909-459 //
NVD: CVE-2019-13923
REFERENCES
| url: | https://www.us-cert.gov/ics/advisories/icsa-19-253-04 | Trust: 3.1 |
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-13923 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13923 | Trust: 0.8 |
| url: | https://www.auscert.org.au/bulletins/esb-2019.3445/ | Trust: 0.6 |
| url: | https://ieeexplore.ieee.org/abstract/document/10769424 | Trust: 0.1 |
sources:
OTHER: None //
CNVD: CNVD-2019-31386 //
VULHUB: VHN-145818 //
JVNDB: JVNDB-2019-009306 //
CNNVD: CNNVD-201909-459 //
NVD: CVE-2019-13923
SOURCES
| db: | OTHER | id: | - |
| db: | IVD | id: | 4a774231-21cb-486e-b391-9a0e6e02394c |
| db: | CNVD | id: | CNVD-2019-31386 |
| db: | VULHUB | id: | VHN-145818 |
| db: | JVNDB | id: | JVNDB-2019-009306 |
| db: | CNNVD | id: | CNNVD-201909-459 |
| db: | NVD | id: | CVE-2019-13923 |
LAST UPDATE DATE
2025-01-30T20:38:59.041000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-31386 | date: | 2019-09-16T00:00:00 |
| db: | VULHUB | id: | VHN-145818 | date: | 2019-09-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-009306 | date: | 2019-10-04T00:00:00 |
| db: | CNNVD | id: | CNNVD-201909-459 | date: | 2019-09-30T00:00:00 |
| db: | NVD | id: | CVE-2019-13923 | date: | 2024-11-21T04:25:42.430 |
SOURCES RELEASE DATE
| db: | IVD | id: | 4a774231-21cb-486e-b391-9a0e6e02394c | date: | 2019-09-16T00:00:00 |
| db: | CNVD | id: | CNVD-2019-31386 | date: | 2019-09-16T00:00:00 |
| db: | VULHUB | id: | VHN-145818 | date: | 2019-09-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-009306 | date: | 2019-09-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201909-459 | date: | 2019-09-10T00:00:00 |
| db: | NVD | id: | CVE-2019-13923 | date: | 2019-09-13T17:15:11.977 |