CVE-2024-38502
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Summary
An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pepperl+Fuchs | ICDM-RX/TCP-DB9/RJ45-DIN | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/TCP-ST/RJ45-DIN | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/TCP-4DB9/2RJ45-DIN | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/TCP-DB9/RJ45-PM | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/TCP-2DB9/RJ45-DIN | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/TCP-2ST/RJ45-DIN | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/TCP-4DB9/2RJ45-PM | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/TCP-8DB9/2RJ45-PM | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/TCP-16RJ45/RJ45-RM | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/TCP-16DB9/RJ45-RM | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/TCP-32RJ45/RJ45-RM | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/TCP-DB9/RJ45-PM2 | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/TCP-16RJ45/2RJ45-PM | SocketServer <= 11.65 | affected |
| Pepperl+Fuchs | ICDM-RX/PN-DB9/RJ45-DIN | PROFINET <= v3.4.9 | affected |
| Pepperl+Fuchs | ICDM-RX/PN-ST/RJ45-DIN | PROFINET <= v3.4.9 | affected |
| Pepperl+Fuchs | ICDM-RX/PN-4DB9/2RJ45-DIN | PROFINET <= v3.4.9 | affected |
| Pepperl+Fuchs | ICDM-RX/PN-DB9/RJ45-PM | PROFINET <= v3.4.9 | affected |
| Pepperl+Fuchs | ICDM-RX/PN-2DB9/RJ45-DIN | PROFINET <= v3.4.9 | affected |
| Pepperl+Fuchs | ICDM-RX/PN-2ST/RJ45-DIN | PROFINET <= v3.4.9 | affected |
| Pepperl+Fuchs | ICDM-RX/PN1-DB9/RJ45-PM | PROFINET/Modbus <= v1.0.7 | affected |
| Pepperl+Fuchs | ICDM-RX/PN1-DB9/RJ45-DIN | PROFINET/Modbus <= v1.0.7 | affected |
| Pepperl+Fuchs | ICDM-RX/PN1-ST/RJ45-DIN | PROFINET/Modbus <= v1.0.7 | affected |
| Pepperl+Fuchs | ICDM-RX/PN1-2DB9/RJ45-DIN | PROFINET/Modbus <= v1.0.7 | affected |
| Pepperl+Fuchs | ICDM-RX/PN1-4DB9/2RJ45-DIN | PROFINET/Modbus <= v1.0.7 | affected |
| Pepperl+Fuchs | ICDM-RX/PN1-2ST/RJ45-DIN | PROFINET/Modbus <= v1.0.7 | affected |
| Pepperl+Fuchs | ICDM-RX/EN-DB9/RJ45-DIN | EtherNet/IP <= v7.22 | affected |
| Pepperl+Fuchs | ICDM-RX/EN-ST/RJ45-DIN | EtherNet/IP <= v7.22 | affected |
| Pepperl+Fuchs | ICDM-RX/EN-4DB9/2RJ45-DIN | EtherNet/IP <= v7.22 | affected |
| Pepperl+Fuchs | ICDM-RX/EN-DB9/RJ45-PM | EtherNet/IP <= v7.22 | affected |
| Pepperl+Fuchs | ICDM-RX/EN-2DB9/RJ45-DIN | EtherNet/IP <= v7.22 | affected |
| Pepperl+Fuchs | ICDM-RX/EN-2ST/RJ45-DIN | EtherNet/IP <= v7.22 | affected |
| Pepperl+Fuchs | ICDM-RX/EN1-DB9/RJ45-PM | EIP/Modbus <= v1.08 | affected |
| Pepperl+Fuchs | ICDM-RX/EN1-DB9/RJ45-DIN | EIP/Modbus <= v1.08 | affected |
| Pepperl+Fuchs | ICDM-RX/EN1-ST/RJ45-DIN | EIP/Modbus <= v1.08 | affected |
| Pepperl+Fuchs | ICDM-RX/EN1-2DB9/RJ45-DIN | EIP/Modbus <= v1.08 | affected |
| Pepperl+Fuchs | ICDM-RX/EN1-4DB9/2RJ45-DIN | EIP/Modbus <= v1.08 | affected |
| Pepperl+Fuchs | ICDM-RX/EN1-2ST/RJ45-DIN | EIP/Modbus <= v1.08 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-DB9/RJ45-DIN | Modbus Router <= v7.09 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-DB9/RJ45-DIN | Modbus Server <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-DB9/RJ45-DIN | Modbus TCP <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-ST/RJ45-DIN | Modbus Router <= v7.09 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-ST/RJ45-DIN | Modbus Server <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-ST/RJ45-DIN | Modbus TCP <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-4DB9/2RJ45-DIN | Modbus Router <= v7.09 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-4DB9/2RJ45-DIN | Modbus Server <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-4DB9/2RJ45-DIN | Modbus TCP <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-DB9/RJ45-PM | Modbus Router <= v7.09 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-DB9/RJ45-PM | Modbus Server <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-DB9/RJ45-PM | Modbus TCP <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-2DB9/RJ45-DIN | Modbus Router <= v7.09 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-2DB9/RJ45-DIN | Modbus Server <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-2DB9/RJ45-DIN | Modbus TCP <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-2ST/RJ45-DIN | Modbus Router <= v7.09 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-2ST/RJ45-DIN | Modbus Server <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-2ST/RJ45-DIN | Modbus TCP <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-16RJ45/2RJ45-PM | Modbus Router <= v7.09 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-16RJ45/2RJ45-PM | Modbus Server <= v7.11 | affected |
| Pepperl+Fuchs | ICDM-RX/MOD-16RJ45/2RJ45-PM | Modbus TCP <= v7.11 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.