CVE-2019-13931 - OpenCVE

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Xhq

Configuration 1 [-]

cpe:2.3:a:siemens:xhq:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2019-12-12T19:08:46

Updated: 2024-08-05T00:05:44.015Z

Reserved: 2019-07-18T00:00:00

Link: CVE-2019-13931

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-12-12T19:15:14.827

Modified: 2019-12-19T17:27:23.937

Link: CVE-2019-13931

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "XHQ", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All versions < V6.0.0.2"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-12-12T19:08:46", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-13931", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "XHQ", "version": {"version_data": [{"version_value": "All versions < V6.0.0.2"}]}}]}, "vendor_name": "Siemens AG"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:05:44.015Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-13931", "datePublished": "2019-12-12T19:08:46", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:44.015Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:xhq:*:*:*:*:*:*:*:*", "matchCriteriaId": "180ADD9E-93A2-44CC-A8BB-AA481EDFFAB8", "versionEndExcluding": "6.0.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en XHQ (Todas las versiones anteriores a V6.0.0.2). La interfaz web podr\u00eda permitir a un atacante crear la entrada de una forma que no es esperada, causando que la aplicaci\u00f3n se comporte de manera inesperada para los usuarios leg\u00edtimos. Una explotaci\u00f3n con \u00e9xito requiere que un atacante se autentique en la interfaz web. Un ataque con \u00e9xito podr\u00eda causar que la aplicaci\u00f3n tenga un comportamiento inesperado. Esto podr\u00eda permitir al atacante modificar el contenido de la aplicaci\u00f3n web. Al momento de la publicaci\u00f3n del aviso, no era conocida la explotaci\u00f3n p\u00fablica de esta vulnerabilidad de seguridad."}], "id": "CVE-2019-13931", "lastModified": "2019-12-19T17:27:23.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-12T19:15:14.827", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-80"}], "source": "productcert@siemens.com", "type": "Secondary"}]}