Detections
Analytics

Omron NS HMIs 8.1xx <= 8.68x XSS

low Nessus Network Monitor Plugin ID 720047

Synopsis

Cross-site scripting (XSS) vulnerability in the web application on Omron NS HMI terminals allows injection of arbitrary scripts.

Description

Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data.

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

See Also

http://www.securityfocus.com/bid/68836,https://ics-cert.us-cert.gov/advisories/ICSA-14-203-01,http://ics-cert.us-cert.gov/advisories/ICSA-14-203-01

Plugin Details

Severity: Low

ID: 720047

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Information

Patch Publication Date: 7/22/2014

Vulnerability Publication Date: 7/22/2014

Reference Information

CVE: CVE-2014-2370

BID: 68836