CVE-2024-38502

Summary

An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.

Affected Software

VendorProductVersion RangeStatus
Pepperl+FuchsICDM-RX/TCP-DB9/RJ45-DINSocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/TCP-ST/RJ45-DINSocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/TCP-4DB9/2RJ45-DINSocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/TCP-DB9/RJ45-PMSocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/TCP-2DB9/RJ45-DINSocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/TCP-2ST/RJ45-DINSocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/TCP-4DB9/2RJ45-PMSocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/TCP-8DB9/2RJ45-PMSocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/TCP-16RJ45/RJ45-RMSocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/TCP-16DB9/RJ45-RMSocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/TCP-32RJ45/RJ45-RMSocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/TCP-DB9/RJ45-PM2SocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/TCP-16RJ45/2RJ45-PMSocketServer <= 11.65affected
Pepperl+FuchsICDM-RX/PN-DB9/RJ45-DINPROFINET <= v3.4.9affected
Pepperl+FuchsICDM-RX/PN-ST/RJ45-DINPROFINET <= v3.4.9affected
Pepperl+FuchsICDM-RX/PN-4DB9/2RJ45-DINPROFINET <= v3.4.9affected
Pepperl+FuchsICDM-RX/PN-DB9/RJ45-PMPROFINET <= v3.4.9affected
Pepperl+FuchsICDM-RX/PN-2DB9/RJ45-DINPROFINET <= v3.4.9affected
Pepperl+FuchsICDM-RX/PN-2ST/RJ45-DINPROFINET <= v3.4.9affected
Pepperl+FuchsICDM-RX/PN1-DB9/RJ45-PMPROFINET/Modbus <= v1.0.7affected
Pepperl+FuchsICDM-RX/PN1-DB9/RJ45-DINPROFINET/Modbus <= v1.0.7affected
Pepperl+FuchsICDM-RX/PN1-ST/RJ45-DINPROFINET/Modbus <= v1.0.7affected
Pepperl+FuchsICDM-RX/PN1-2DB9/RJ45-DINPROFINET/Modbus <= v1.0.7affected
Pepperl+FuchsICDM-RX/PN1-4DB9/2RJ45-DINPROFINET/Modbus <= v1.0.7affected
Pepperl+FuchsICDM-RX/PN1-2ST/RJ45-DINPROFINET/Modbus <= v1.0.7affected
Pepperl+FuchsICDM-RX/EN-DB9/RJ45-DINEtherNet/IP <= v7.22affected
Pepperl+FuchsICDM-RX/EN-ST/RJ45-DINEtherNet/IP <= v7.22affected
Pepperl+FuchsICDM-RX/EN-4DB9/2RJ45-DINEtherNet/IP <= v7.22affected
Pepperl+FuchsICDM-RX/EN-DB9/RJ45-PMEtherNet/IP <= v7.22affected
Pepperl+FuchsICDM-RX/EN-2DB9/RJ45-DINEtherNet/IP <= v7.22affected
Pepperl+FuchsICDM-RX/EN-2ST/RJ45-DINEtherNet/IP <= v7.22affected
Pepperl+FuchsICDM-RX/EN1-DB9/RJ45-PMEIP/Modbus <= v1.08affected
Pepperl+FuchsICDM-RX/EN1-DB9/RJ45-DINEIP/Modbus <= v1.08affected
Pepperl+FuchsICDM-RX/EN1-ST/RJ45-DINEIP/Modbus <= v1.08affected
Pepperl+FuchsICDM-RX/EN1-2DB9/RJ45-DINEIP/Modbus <= v1.08affected
Pepperl+FuchsICDM-RX/EN1-4DB9/2RJ45-DINEIP/Modbus <= v1.08affected
Pepperl+FuchsICDM-RX/EN1-2ST/RJ45-DINEIP/Modbus <= v1.08affected
Pepperl+FuchsICDM-RX/MOD-DB9/RJ45-DINModbus Router <= v7.09affected
Pepperl+FuchsICDM-RX/MOD-DB9/RJ45-DINModbus Server <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-DB9/RJ45-DINModbus TCP <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-ST/RJ45-DINModbus Router <= v7.09affected
Pepperl+FuchsICDM-RX/MOD-ST/RJ45-DINModbus Server <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-ST/RJ45-DINModbus TCP <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-4DB9/2RJ45-DINModbus Router <= v7.09affected
Pepperl+FuchsICDM-RX/MOD-4DB9/2RJ45-DINModbus Server <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-4DB9/2RJ45-DINModbus TCP <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-DB9/RJ45-PMModbus Router <= v7.09affected
Pepperl+FuchsICDM-RX/MOD-DB9/RJ45-PMModbus Server <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-DB9/RJ45-PMModbus TCP <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-2DB9/RJ45-DINModbus Router <= v7.09affected
Pepperl+FuchsICDM-RX/MOD-2DB9/RJ45-DINModbus Server <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-2DB9/RJ45-DINModbus TCP <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-2ST/RJ45-DINModbus Router <= v7.09affected
Pepperl+FuchsICDM-RX/MOD-2ST/RJ45-DINModbus Server <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-2ST/RJ45-DINModbus TCP <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-16RJ45/2RJ45-PMModbus Router <= v7.09affected
Pepperl+FuchsICDM-RX/MOD-16RJ45/2RJ45-PMModbus Server <= v7.11affected
Pepperl+FuchsICDM-RX/MOD-16RJ45/2RJ45-PMModbus TCP <= v7.11affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References