ID

VAR-201912-1180


CVE

CVE-2019-13931


TITLE

XHQ Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-013308

DESCRIPTION

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. XHQ contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Siemens XHQ production and operation intelligence is Siemens Energy's flagship solution, which is widely deployed in the world's largest oil and gas and chemical companies.

Trust: 2.34

sources: NVD: CVE-2019-13931 // JVNDB: JVNDB-2019-013308 // CNVD: CNVD-2019-46389 // IVD: 56848c80-5e65-4072-8c64-8d971c79a360

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 56848c80-5e65-4072-8c64-8d971c79a360 // CNVD: CNVD-2019-46389

AFFECTED PRODUCTS

vendor: siemens, model: xhq, scope: lt, version: 6.0.0.2

Trust: 1.8

vendor: siemens, model: xhq, scope: lt, version: v6.0.0.2

Trust: 0.6

vendor: siemens, model: xhq, scope: eq, version: -

Trust: 0.6

vendor: siemens, model: xhq, scope: eq, version: 6.0.0.0

Trust: 0.6

vendor: xhq, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 56848c80-5e65-4072-8c64-8d971c79a360 // CNVD: CNVD-2019-46389 // JVNDB: JVNDB-2019-013308 // CNNVD: CNNVD-201912-418 // NVD: CVE-2019-13931

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13931
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-13931
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-46389
value: LOW

Trust: 0.6

CNNVD: CNNVD-201912-418
value: MEDIUM

Trust: 0.6

IVD: 56848c80-5e65-4072-8c64-8d971c79a360
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-13931
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-46389
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 56848c80-5e65-4072-8c64-8d971c79a360
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13931
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-13931
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 56848c80-5e65-4072-8c64-8d971c79a360 // CNVD: CNVD-2019-46389 // JVNDB: JVNDB-2019-013308 // CNNVD: CNNVD-201912-418 // NVD: CVE-2019-13931

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

problemtype: CWE-80

Trust: 1.0

sources: JVNDB: JVNDB-2019-013308 // NVD: CVE-2019-13931

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-418

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201912-418

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013308

PATCH

title: SSA-525454
url: https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf

Trust: 0.8

title: Patch for Unknown vulnerability in Siemens XHQ
url: https://www.cnvd.org.cn/patchInfo/show/194755

Trust: 0.6

title: Siemens XHQ Operations Intelligence Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105785

Trust: 0.6

sources: CNVD: CNVD-2019-46389 // JVNDB: JVNDB-2019-013308 // CNNVD: CNNVD-201912-418

EXTERNAL IDS

db: NVD, id: CVE-2019-13931

Trust: 3.2

db: SIEMENS, id: SSA-525454

Trust: 1.6

db: ICS CERT, id: ICSA-19-344-05

Trust: 1.2

db: CNVD, id: CNVD-2019-46389

Trust: 0.8

db: CNNVD, id: CNNVD-201912-418

Trust: 0.8

db: JVNDB, id: JVNDB-2019-013308

Trust: 0.8

db: AUSCERT, id: ESB-2019.4622

Trust: 0.6

db: IVD, id: 56848C80-5E65-4072-8C64-8D971C79A360

Trust: 0.2

sources: IVD: 56848c80-5e65-4072-8c64-8d971c79a360 // CNVD: CNVD-2019-46389 // JVNDB: JVNDB-2019-013308 // CNNVD: CNNVD-201912-418 // NVD: CVE-2019-13931

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2019-13931

Trust: 1.4

url: https://www.us-cert.gov/ics/advisories/icsa-19-344-05

Trust: 1.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13931

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2019.4622/

Trust: 0.6

sources: CNVD: CNVD-2019-46389 // JVNDB: JVNDB-2019-013308 // CNNVD: CNNVD-201912-418 // NVD: CVE-2019-13931

SOURCES

db: IVD, id: 56848c80-5e65-4072-8c64-8d971c79a360
db: CNVD, id: CNVD-2019-46389
db: JVNDB, id: JVNDB-2019-013308
db: CNNVD, id: CNNVD-201912-418
db: NVD, id: CVE-2019-13931

LAST UPDATE DATE

2024-11-23T21:59:33.330000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-46389, date: 2019-12-20T00:00:00
db: JVNDB, id: JVNDB-2019-013308, date: 2019-12-25T00:00:00
db: CNNVD, id: CNNVD-201912-418, date: 2019-12-27T00:00:00
db: NVD, id: CVE-2019-13931, date: 2024-11-21T04:25:43.303

SOURCES RELEASE DATE

db: IVD, id: 56848c80-5e65-4072-8c64-8d971c79a360, date: 2019-12-20T00:00:00
db: CNVD, id: CNVD-2019-46389, date: 2019-12-20T00:00:00
db: JVNDB, id: JVNDB-2019-013308, date: 2019-12-25T00:00:00
db: CNNVD, id: CNNVD-201912-418, date: 2019-12-10T00:00:00
db: NVD, id: CVE-2019-13931, date: 2019-12-12T19:15:14.827