CVE-2017-6053
published 2017-06-21CVE-2017-6053: A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code…
PriorityP422medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
0.83%
52.8th percentile
A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trihedral | vtscada | <= 11.2.23 | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Trihedral Engineering Limited VTScada
cisa_ics·2017-10-31
Trihedral Engineering Limited VTScada
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Trihedral Engineering Limited VTScada
Last RevisedOctober 31, 2017
Alert CodeICSA-17-164-01
## CVSS v3 7.5
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Trihedral Engineering Limited
Equipment: VTScada
Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure
## AFFECTED PRODUCTS
The following versions of VTScada, an HMI SCADA software, are affected:
- VTScada Versions prior to 11.2.26
## IMPACT
Successful exploitation of these vulnerabilities could result in uncontrolled resource consumption, arbitrary code execution, or infor
GHSA
GHSA-h55q-pqvr-x64q: A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11
ghsa_unreviewed·2022-05-13
CVE-2017-6053 [MEDIUM] CWE-79 GHSA-h55q-pqvr-x64q: A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11
A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-06-21
Published