CVE-2018-18985 Information

Description

Tridium Niagara Enterprise Security 2.3u1 all versions prior to 2.3.118.6 Niagara AX 3.8u4 all versions prior to 3.8.401.1 Niagara 4.4u2 all versions prior to 4.4.93.40.2 and Niagara 4.6 all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/106530 https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4