CVE-2024-38380
Published: 2024-09-17
Priority P427, medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.40% (31.9th percentile)
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| millbeck_communications | proroute_h685t-w | — | — |
| millbeckcommunications | proroute_h685t-w_firmware | — | — |
CISA ICS
Millbeck Communications Proroute H685t-w
cisa_ics·2024-09-17·CVSS 5.5
[MEDIUM] Millbeck Communications Proroute H685t-w
ICS Advisory
## Millbeck Communications Proroute H685t-w
Release Date: September 17, 2024
Alert Code: ICSA-24-261-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Millbeck Communications
- Equipment: Proroute H685t-w
- Vulnerabilities: Command Injection, Cross-site Scripting
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands on the device's operating system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Millbeck Communications Proroute H685t-w, a 4G router, are affected:
- Proroute H685t-w: Version 3.
CISA ICS
Siemens SIMATIC and SIPLUS
cisa_ics·2024-06-13
Siemens SIMATIC and SIPLUS
ICS Advisory
## Siemens SIMATIC and SIPLUS
Release Date: June 13, 2024
Alert Code: ICSA-24-165-10
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC, SIPLUS
- Vulnerabilities: Inadequate Encryption Strength, Improper Restriction of Operations within the Bounds of a Memory Bu
GHSA
GHSA-xr64-7w22-vxqw: This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to exec
ghsa_unreviewed·2024-09-17
CVE-2024-38380 [MEDIUM] CWE-79 GHSA-xr64-7w22-vxqw: This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to exec
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-09-17