Share: Email | Twitter

ID

VDE-2023-027

Published

2023-08-07 11:35 (CEST)

Last update

2023-08-07 11:35 (CEST)

Vendor(s)

AUMA Riester GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
SIMA² Master Station all versions

Summary

A reflected cross-site scripting vulnerability exists in the System Diagnostics Manager (SDM) component of SIMA² Master Stations.


Last Update:

31. Juli 2023 15:47

Weakness

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')  (CWE-79) 

Summary

A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session.


Impact

Please consult the CVE details.

Solution

Mitigation

Do not use Hyperlinks provided by untrusted 3rd party to access the SIMA² System Diagnostics Manager. Hyperlinks may be provided via:
• Emails from unknown users
• Social media channels
• Messaging services
• Webpages with comment functionality
• QR Codes
The use of external Web Application Firewalls (WAF) can mitigate attacks using reflected cross-site scripting.

Remediation

none

Reported by

CERT@VDE coordinated with AUMA.