CVE-2019-13943

Name of the Vulnerable Software and Affected Versions EN100 Ethernet module DNP3 variant (All versions) EN100 Ethernet module IEC 61850 variant (All versions < V4.37) EN100 Ethernet module IEC104 variant (All versions) EN100 Ethernet module Modbus TCP variant (All versions) EN100 Ethernet module PROFINET IO variant (All versions)

Description A security issue has been identified that could allow Cross-Site Scripting (XSS) attacks through the web interface. If an attacker can modify specific web page content, it may cause the application to behave unexpectedly for legitimate users. This issue can be exploited without the need for the attacker to be authenticated to the web interface, potentially allowing them to read or modify the web application's contents. At the time of publication, there were no known public exploitations of this issue.

Recommendations For EN100 Ethernet module DNP3 variant, update to a version that addresses the XSS issue. For EN100 Ethernet module IEC 61850 variant, update to version V4.37 or later. For EN100 Ethernet module IEC104 variant, update to a version that addresses the XSS issue. For EN100 Ethernet module Modbus TCP variant, update to a version that addresses the XSS issue. For EN100 Ethernet module PROFINET IO variant, update to a version that addresses the XSS issue.