PT-2019-18141 · Psi Gridconnect Gmbh · Smart Telecontrol Unit Tcg+4
M. Can Kurnaz
·
Published
2019-03-05
·
Updated
2020-10-19
·
CVE-2019-6528
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions
Telecontrol Gateway 3G versions 4.2.21 through 6.0.16 and prior
Telecontrol Gateway XS-MU versions 4.2.21 through 6.0.16 and prior
Telecontrol Gateway VM versions 4.2.21 through 6.0.16 and prior
Smart Telecontrol Unit TCG versions 5.0.27 through 6.0.16 and prior
IEC104 Security Proxy versions prior to 2.2.10
Description
The web application browser interprets input as active HTML, JavaScript, or VBScript, which could allow an attacker to execute arbitrary code.
Recommendations
For Telecontrol Gateway 3G versions 4.2.21 through 6.0.16 and prior, update to a version later than 6.0.16.
For Telecontrol Gateway XS-MU versions 4.2.21 through 6.0.16 and prior, update to a version later than 6.0.16.
For Telecontrol Gateway VM versions 4.2.21 through 6.0.16 and prior, update to a version later than 6.0.16.
For Smart Telecontrol Unit TCG versions 5.0.27 through 6.0.16 and prior, update to a version later than 6.0.16.
For IEC104 Security Proxy versions prior to 2.2.10, update to a version later than 2.2.10.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Iec104 Security Proxy
Smart Telecontrol Unit Tcg
Telecontrol Gateway 3G
Telecontrol Gateway Vm
Telecontrol Gateway Xs-Mu