CVE-2019-19393 - OpenCVE

The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the content is always displayed after and before login. Persistent XSS allows an attacker to modify displayed content or to change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Rittal	Cmc Pu Iii 7030.000 Cmc Pu Iii 7030.000 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:rittal:cmc_pu_iii_7030.000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rittal:cmc_pu_iii_7030.000:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/miguelhamal/CVE-2019-19393	Third Party Advisory
https://www.rittal.us/monitoring-security/cmc-iii.html	Broken Link Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-01T16:55:05

Updated: 2020-10-01T16:55:05

Reserved: 2019-11-29T00:00:00

Link: CVE-2019-19393

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-01T17:15:13.057

Modified: 2020-10-13T13:40:50.527

Link: CVE-2019-19393

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the content is always displayed after and before login. Persistent XSS allows an attacker to modify displayed content or to change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-01T16:55:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.rittal.us/monitoring-security/cmc-iii.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/miguelhamal/CVE-2019-19393"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19393", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the content is always displayed after and before login. Persistent XSS allows an attacker to modify displayed content or to change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.rittal.us/monitoring-security/cmc-iii.html", "refsource": "MISC", "url": "https://www.rittal.us/monitoring-security/cmc-iii.html"}, {"name": "https://github.com/miguelhamal/CVE-2019-19393", "refsource": "MISC", "url": "https://github.com/miguelhamal/CVE-2019-19393"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19393", "datePublished": "2020-10-01T16:55:05", "dateReserved": "2019-11-29T00:00:00", "dateUpdated": "2020-10-01T16:55:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rittal:cmc_pu_iii_7030.000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6543A85E-D583-4845-8708-A9014E76D411", "versionEndIncluding": "3.15.70_4", "versionStartIncluding": "3.11.00_2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rittal:cmc_pu_iii_7030.000:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DC10999-2CB2-4607-9D48-3047B09502BB", "versionEndIncluding": "6.01", "versionStartIncluding": "3.00", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the content is always displayed after and before login. Persistent XSS allows an attacker to modify displayed content or to change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session."}, {"lang": "es", "value": "La aplicaci\u00f3n Web de los dispositivos Rittal CMC PU III 7030.000 versiones V3.00, V3.11.00_2 hasta V3.15.70_4, no sanea la entrada del usuario en la p\u00e1gina system configurations. Esto permite a un atacante hacer una puerta trasera en el dispositivo con HTML y contenido interpretado por el navegador (como JavaScript u otros scripts del lado del cliente) ya que el contenido es siempre mostrado antes y despu\u00e9s del inicio de sesi\u00f3n. Una vulnerabilidad de tipo XSS persistente permite a un atacante modificar el contenido mostrado o cambiar la informaci\u00f3n de la v\u00edctima. Una explotaci\u00f3n con \u00e9xito requiere acceso a la interfaz de administraci\u00f3n web, ya sea con credenciales v\u00e1lidas o una sesi\u00f3n secuestrada"}], "id": "CVE-2019-19393", "lastModified": "2020-10-13T13:40:50.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-01T17:15:13.057", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/miguelhamal/CVE-2019-19393"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://www.rittal.us/monitoring-security/cmc-iii.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}