Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security. vulnerability was known.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Siemens EN100 Ethernet Module 跨站脚本漏洞
Vulnerability Description
Siemens EN100 Ethernet Module中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。以下产品及版本受到影响:使用DNP3 TCP固件变体的EN100 Ethernet module,使用IEC 61850固件变体的EN100 Ethernet module,使用IEC104固件变体的EN100 Ethernet module,使用Modbus TCP固件变体的EN100 Ethernet module,使用PROFINET IO固
CVSS Information
N/A
Vulnerability Type
N/A