CVE-2023-6028 - Vulnerability Details - OpenCVE

A reflected
cross-site scripting (XSS) vulnerability exists in the SVG version of System
Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that
enables a remote attacker to execute arbitrary JavaScript code in the context
of the attacked user’s browser session.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00115.

Key SSVC decision points have not yet been added.

Vendors	Products
Br-automation	Automation Runtime

Configuration 1 [-]

cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-58286	A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session.

Fixes

Solution

An update is available that resolves a vulnerability in the product versions listed above.

Workaround

Do not use Hyperlinks provided by untrusted 3rd party to access the SDM. Hyperlinks may be provided via: * Emails from unknown users * Social media channels * Messaging services * Webpages with comment functionality * QR Codes The use of external Web Application Firewalls (WAF) can mitigate attacks using reflected cross-site scripting.

References

Link	Providers
https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2024-02-05T17:33:34.785Z

Updated: 2024-08-02T08:21:17.060Z

Reserved: 2023-11-08T10:17:50.175Z

Link: CVE-2023-6028

Vulnrichment

Updated: 2024-08-02T08:21:17.060Z

NVD

Status : Modified

Published: 2024-02-05T18:15:51.670

Modified: 2024-11-21T08:43:00.503

Link: CVE-2023-6028

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6028", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2023-11-08T10:17:50.175Z", "datePublished": "2024-02-05T17:33:34.785Z", "dateUpdated": "2024-08-02T08:21:17.060Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["SDM"], "product": "Automation Runtime", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "14.93", "status": "affected", "version": "14.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A reflected\ncross-site scripting (XSS) vulnerability exists in the SVG version of System\nDiagnostics Manager of B&R Automation Runtime versions <= G4.93 that\nenables a remote attacker to execute arbitrary JavaScript code in the context\nof the attacked user\u2019s browser session.</p>\n\n\n\n\n\n"}], "value": "A reflected\ncross-site scripting (XSS) vulnerability exists in the SVG version of System\nDiagnostics Manager of B&R Automation Runtime versions <= G4.93 that\nenables a remote attacker to execute arbitrary JavaScript code in the context\nof the attacked user\u2019s browser session.\n\n\n\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-02-06T13:54:25.416Z"}, "references": [{"url": "https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An update is available that resolves a vulnerability in the product versions listed above."}], "value": "An update is available that resolves a vulnerability in the product versions listed above."}], "source": {"advisory": "SA23P018", "discovery": "INTERNAL"}, "title": "SDM Web interface vulnerable to XSS", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Do not use Hyperlinks provided by untrusted 3rd party to access the SDM. Hyperlinks may be provided via:</p><p></p><ul><li>Emails from unknown users</li><li>Social media channels</li><li>Messaging services</li><li>Webpages with comment functionality</li><li>QR Codes</li></ul><p></p><p>The use of external Web Application Firewalls (WAF) can mitigate attacks using reflected cross-site scripting.</p>"}], "value": "\nDo not use Hyperlinks provided by untrusted 3rd party to access the SDM. Hyperlinks may be provided via:\n\n\n\n * Emails from unknown users\n * Social media channels\n * Messaging services\n * Webpages with comment functionality\n * QR Codes\n\n\n\n\nThe use of external Web Application Firewalls (WAF) can mitigate attacks using reflected cross-site scripting.\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6028", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-07T18:48:50.631233Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:17:03.877Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.060Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.060Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6028", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-07T18:48:50.631233Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:16.434Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "SDM Web interface vulnerable to XSS", "source": {"advisory": "SA23P018", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "B&R Industrial Automation", "modules": ["SDM"], "product": "Automation Runtime", "versions": [{"status": "affected", "version": "14.0", "lessThan": "14.93", "versionType": "patch"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "An update is available that resolves a vulnerability in the product versions listed above.", "supportingMedia": [{"type": "text/html", "value": "An update is available that resolves a vulnerability in the product versions listed above.", "base64": false}]}], "references": [{"url": "https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf"}], "workarounds": [{"lang": "en", "value": "\nDo not use Hyperlinks provided by untrusted 3rd party to access the SDM. Hyperlinks may be provided via:\n\n\n\n * Emails from unknown users\n * Social media channels\n * Messaging services\n * Webpages with comment functionality\n * QR Codes\n\n\n\n\nThe use of external Web Application Firewalls (WAF) can mitigate attacks using reflected cross-site scripting.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>Do not use Hyperlinks provided by untrusted 3rd party to access the SDM. Hyperlinks may be provided via:</p><p></p><ul><li>Emails from unknown users</li><li>Social media channels</li><li>Messaging services</li><li>Webpages with comment functionality</li><li>QR Codes</li></ul><p></p><p>The use of external Web Application Firewalls (WAF) can mitigate attacks using reflected cross-site scripting.</p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A reflected\ncross-site scripting (XSS) vulnerability exists in the SVG version of System\nDiagnostics Manager of B&R Automation Runtime versions <= G4.93 that\nenables a remote attacker to execute arbitrary JavaScript code in the context\nof the attacked user\u2019s browser session.\n\n\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>A reflected\ncross-site scripting (XSS) vulnerability exists in the SVG version of System\nDiagnostics Manager of B&R Automation Runtime versions <= G4.93 that\nenables a remote attacker to execute arbitrary JavaScript code in the context\nof the attacked user\u2019s browser session.</p>\n\n\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-02-06T13:54:25.416Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6028", "state": "PUBLISHED", "dateUpdated": "2024-08-02T08:21:17.060Z", "dateReserved": "2023-11-08T10:17:50.175Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2024-02-05T17:33:34.785Z", "assignerShortName": "ABB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "884D020E-3583-4A39-A843-DB5977674E39", "versionEndExcluding": "i4.93", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A reflected\ncross-site scripting (XSS) vulnerability exists in the SVG version of System\nDiagnostics Manager of B&R Automation Runtime versions <= G4.93 that\nenables a remote attacker to execute arbitrary JavaScript code in the context\nof the attacked user\u2019s browser session.\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de cross-site scripting (XSS) reflejada en la versi\u00f3n SVG de System Diagnostics Manager de B&R Automation Runtime versiones <= G4.93 que permite a un atacante remoto ejecutar c\u00f3digo JavaScript arbitrario en el contexto de la sesi\u00f3n del navegador del usuario atacado."}], "id": "CVE-2023-6028", "lastModified": "2024-11-21T08:43:00.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-05T18:15:51.670", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}