In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack.
References
| Link | Resource |
|---|---|
| https://ep.advantech-bb.cz/support/router-models/download/511/sa-2021-01-fw-5.1.3-and-older-en.pdf | Vendor Advisory |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-054-03 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
| AND |
|
History
23 Mar 2021, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
| CPE | cpe:2.3:o:advantech:spectre_rt_ert351_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:advantech:spectre_rt_ert351:-:*:*:*:*:*:*:* |
|
| References | (MISC) https://ep.advantech-bb.cz/support/router-models/download/511/sa-2021-01-fw-5.1.3-and-older-en.pdf - Vendor Advisory | |
| References | (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-054-03 - Third Party Advisory, US Government Resource |
17 Mar 2021, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-03-17 19:15
Updated : 2023-12-10 13:41
NVD link : CVE-2019-18233
Mitre link : CVE-2019-18233
CVE.ORG link : CVE-2019-18233
JSON object : View
Products Affected
advantech
- spectre_rt_ert351_firmware
- spectre_rt_ert351
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')