HMS Industrial Networks

Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by host browser the next time the page is loaded, enabling social engineering attacks.
Fixes

Solution

No solution given by the vendor.


Workaround

HMS recommends users implement at least one of the following: * Add password protection to all webpages served by the Anybus-CompactCom 30 module. * Disable or add the option to allow the end-user to disable the webserver in the AnybusCompactCom 30. * Make sure these products are used locally within a secure network utilizing proper network infrastructure controls. This will help ensure that unused or unnecessary protocols from unauthorized sources are blocked. * Ensure that control systems and devices are situated behind firewalls, ensuring their isolation from the corporate network. * Replace the Anybus-CompactCom 30 module with a Anybus-CompactCom 40 module. For more information see the associated HMS security advisory https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-05-17-001---anybus---compactcom-30-xss.pdf .

History

Wed, 27 Aug 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Hms-networks
Hms-networks anybus Compactcom 30 Module Ethernet\/ip
Hms-networks anybus Compactcom 30 Module Ethernet\/ip Firmware
Hms-networks anybus Compactcom 30 Module Usb Without Housing
Hms-networks anybus Compactcom 30 Module Usb Without Housing Firmware
CPEs cpe:2.3:h:hms-networks:anybus_compactcom_30_module_ethernet\/ip:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:anybus_compactcom_30_module_usb_without_housing:-:*:*:*:*:*:*:*
cpe:2.3:o:hms-networks:anybus_compactcom_30_module_ethernet\/ip_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hms-networks:anybus_compactcom_30_module_usb_without_housing_firmware:-:*:*:*:*:*:*:*
Vendors & Products Hms-networks
Hms-networks anybus Compactcom 30 Module Ethernet\/ip
Hms-networks anybus Compactcom 30 Module Ethernet\/ip Firmware
Hms-networks anybus Compactcom 30 Module Usb Without Housing
Hms-networks anybus Compactcom 30 Module Usb Without Housing Firmware

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-08-27T20:43:00.244Z

Reserved: 2024-07-08T14:47:38.424Z

Link: CVE-2024-6558

cve-icon Vulnrichment

Updated: 2024-08-01T21:41:03.742Z

cve-icon NVD

Status : Modified

Published: 2024-07-25T20:15:05.360

Modified: 2024-11-21T09:49:53.027

Link: CVE-2024-6558

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.