
CVE-2019-19393

Published: 01/10/2020 Updated: 13/10/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows a malicious user to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts), because that content is always displayed both before and after login. The persistent (stored) XSS lets the malicious user modify the displayed content or change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session.

Vulnerable Product

rittal cmc_pu_iii_7030.000_firmware

Github Repositories

Rittal CMC PU III – Stored XSS PoC
Application: Rittal CMC PU III Web management
Devices: CMC PU III 7030.000
Software Revision: From V3.11.00_2 to V3.15.70_4
Hardware Revision: From V3.00 to V6.01
Attack type: Stored XSS
Solution: Update to Software Revision V3.17.10 or later
Summary: Web application fails to sanitize user input on system configurations page. This allows