PT-2018-2978 · Siemens · Cp 1616+1

Published: 2018-01-08 · Updated: 2019-07-11 · CVE-2018-13809

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
CP 1604 (All versions)
CP 1616 (All versions)

Description
A vulnerability has been identified that could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for successful exploitation. The issue is related to the lack of protection measures for the web page structure. At the time of advisory publication, no public exploitation of this issue was known.

Recommendations
For CP 1604 (All versions) and CP 1616 (All versions), consider implementing additional security measures to protect against Cross-Site Scripting attacks, such as validating user input and implementing web application firewalls. As a temporary workaround, consider restricting access to the integrated web server of the affected CP devices to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2019-03004
CVE-2018-13809

Affected Products

Cp 1604
Cp 1616