CVE-2018-18985

Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.
References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/106530 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:tridium:niagara_enterprise_security:*:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_ax_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:*:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:*:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:2.3u1:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:4.4u2:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_ax_framework:3.8u4:*:*:*:*:*:*:*

Information

Published : 2019-01-29 08:29

Updated : 2019-10-09 16:37


NVD link : CVE-2018-18985

Mitre link : CVE-2018-18985


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

tridium

  • niagara_ax_framework
  • niagara
  • niagara_enterprise_security