Search

Find a vulnerability

Search criteria

    4 vulnerabilities by ControlByWeb

    VAR-201903-1181

    Vulnerability from variot - Updated: 2024-11-23 22:12

    A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. ControlByWeb X-320M-I Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible. X-320M-I firmware revision v1.05 and prior are vulnerable. Xytronix Research & Design ControlByWeb X-320M is a network-enabled weather station controller from Xytronix Research & Design, USA. The product supports remote viewing of the current wind speed, wind direction, precipitation, temperature, humidity, solar radiation and air pressure, etc. A cross-site scripting vulnerability exists in the Xytronix Research & Design ControlByWeb X-320M due to the program not validating input properly. A remote attacker could exploit this vulnerability to execute code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-1181",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x-320m-i",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "controlbyweb",
            "version": "1.05"
          },
          {
            "model": "x-320m-i",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "controlbyweb",
            "version": "1.05"
          },
          {
            "model": "x-320m-i",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "controlbyweb",
            "version": "1.06"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "106655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015190"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18882"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:controlbyweb:x-320m-i_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015190"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "John Elder and Tom Westenberg of Applied Risk",
        "sources": [
          {
            "db": "BID",
            "id": "106655"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-18882",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2018-18882",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-129486",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2018-18882",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-18882",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-18882",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-743",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129486",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015190"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-743"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18882"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. ControlByWeb X-320M-I Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. \nAttackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible. \nX-320M-I firmware revision v1.05 and prior are vulnerable. Xytronix Research \u0026 Design ControlByWeb X-320M is a network-enabled weather station controller from Xytronix Research \u0026 Design, USA. The product supports remote viewing of the current wind speed, wind direction, precipitation, temperature, humidity, solar radiation and air pressure, etc. A cross-site scripting vulnerability exists in the Xytronix Research \u0026 Design ControlByWeb X-320M due to the program not validating input properly. A remote attacker could exploit this vulnerability to execute code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18882"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015190"
          },
          {
            "db": "BID",
            "id": "106655"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129486"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18882",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "106655",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-017-03",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015190",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-743",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-129486",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129486"
          },
          {
            "db": "BID",
            "id": "106655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015190"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-743"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18882"
          }
        ]
      },
      "id": "VAR-201903-1181",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129486"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:12:08.380000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "X-320M | Web-Enabled Weather Station",
            "trust": 0.8,
            "url": "https://www.controlbyweb.com/x320m/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015190"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015190"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18882"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/106655"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18882"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18882"
          },
          {
            "trust": 0.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-017-03"
          },
          {
            "trust": 0.3,
            "url": "https://www.controlbyweb.com/x320m/"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-017-03"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129486"
          },
          {
            "db": "BID",
            "id": "106655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015190"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-743"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18882"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-129486"
          },
          {
            "db": "BID",
            "id": "106655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015190"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-743"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18882"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129486"
          },
          {
            "date": "2019-01-17T00:00:00",
            "db": "BID",
            "id": "106655"
          },
          {
            "date": "2019-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015190"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-743"
          },
          {
            "date": "2019-03-21T16:00:29.810000",
            "db": "NVD",
            "id": "CVE-2018-18882"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129486"
          },
          {
            "date": "2019-01-17T00:00:00",
            "db": "BID",
            "id": "106655"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015190"
          },
          {
            "date": "2019-04-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-743"
          },
          {
            "date": "2024-11-21T03:56:49.047000",
            "db": "NVD",
            "id": "CVE-2018-18882"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-743"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ControlByWeb X-320M-I Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015190"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-743"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-1180

    Vulnerability from variot - Updated: 2024-11-23 22:12

    A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state. ControlByWeb X-320M-I Contains vulnerabilities related to security features.Service operation interruption (DoS) There is a possibility of being put into a state. ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible. X-320M-I firmware revision v1.05 and prior are vulnerable. Xytronix Research & Design ControlByWeb X-320M is a network-enabled weather station controller from Xytronix Research & Design, USA. The product supports remote viewing of the current wind speed, wind direction, precipitation, temperature, humidity, solar radiation and air pressure, etc. A security feature issue vulnerability exists in the Xytronix Research & Design ControlByWeb X-320M. An attacker could exploit this vulnerability to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-1180",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x-320m-i",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "controlbyweb",
            "version": "1.05"
          },
          {
            "model": "x-320m-i",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "controlbyweb",
            "version": "1.05"
          },
          {
            "model": "x-320m-i",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "controlbyweb",
            "version": "1.06"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "106655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015191"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18881"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:controlbyweb:x-320m-i_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015191"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "John Elder and Tom Westenberg of Applied Risk",
        "sources": [
          {
            "db": "BID",
            "id": "106655"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-18881",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-18881",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "VHN-129485",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-18881",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-18881",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-18881",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-742",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129485",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015191"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-742"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18881"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state. ControlByWeb X-320M-I Contains vulnerabilities related to security features.Service operation interruption (DoS) There is a possibility of being put into a state. ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. \nAttackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible. \nX-320M-I firmware revision v1.05 and prior are vulnerable. Xytronix Research \u0026 Design ControlByWeb X-320M is a network-enabled weather station controller from Xytronix Research \u0026 Design, USA. The product supports remote viewing of the current wind speed, wind direction, precipitation, temperature, humidity, solar radiation and air pressure, etc. A security feature issue vulnerability exists in the Xytronix Research \u0026 Design ControlByWeb X-320M. An attacker could exploit this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18881"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015191"
          },
          {
            "db": "BID",
            "id": "106655"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129485"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "106655",
            "trust": 2.8
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18881",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-017-03",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015191",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-742",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-129485",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129485"
          },
          {
            "db": "BID",
            "id": "106655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015191"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-742"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18881"
          }
        ]
      },
      "id": "VAR-201903-1180",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129485"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:12:08.350000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "X-320M | Web-Enabled Weather Station",
            "trust": 0.8,
            "url": "https://www.controlbyweb.com/x320m/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015191"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015191"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18881"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.securityfocus.com/bid/106655"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18881"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18881"
          },
          {
            "trust": 0.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-017-03"
          },
          {
            "trust": 0.3,
            "url": "https://www.controlbyweb.com/x320m/"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-017-03"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129485"
          },
          {
            "db": "BID",
            "id": "106655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015191"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-742"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18881"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-129485"
          },
          {
            "db": "BID",
            "id": "106655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015191"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-742"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18881"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129485"
          },
          {
            "date": "2019-01-17T00:00:00",
            "db": "BID",
            "id": "106655"
          },
          {
            "date": "2019-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015191"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-742"
          },
          {
            "date": "2019-03-21T16:00:29.750000",
            "db": "NVD",
            "id": "CVE-2018-18881"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129485"
          },
          {
            "date": "2019-01-17T00:00:00",
            "db": "BID",
            "id": "106655"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015191"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-742"
          },
          {
            "date": "2024-11-21T03:56:48.890000",
            "db": "NVD",
            "id": "CVE-2018-18881"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-742"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ControlByWeb X-320M-I Vulnerabilities related to security functions",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015191"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "security feature problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-742"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-6333 (GCVE-0-2023-6333)

    Vulnerability from nvd – Published: 2023-12-07 18:08 – Updated: 2026-02-25 16:50
    VLAI
    Title
    Cross-site Scripting in ControlByWeb Relays
    Summary
    The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user's session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Credits
    Prajitesh Singh of Cyble
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:28:21.197Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-05"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-23T05:01:07.209014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T16:50:54.327Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "X-332-24I",
              "vendor": "ControlByWeb",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware 1.06"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "X-301-I",
              "vendor": "ControlByWeb",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware 1.15"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "X-301-24I",
              "vendor": "ControlByWeb",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware 1.15"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Prajitesh Singh of Cyble"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eThe affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user\u0027s session.\u003c/p\u003e\u003cbr\u003e\n\n"
                }
              ],
              "value": "\nThe affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user\u0027s session.\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-07T18:08:04.324Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-05"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eControlByWeb recommends users update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://controlbyweb.com/firmware/X301_v1.20_firmware.zip\"\u003eX301 V1.20\u003c/a\u003e.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://controlbyweb.com/firmware/X332_v1.09_firmware.zip\"\u003eX332 V1.09\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nControlByWeb recommends users update to the following versions:\n\n  *   X301 V1.20 https://controlbyweb.com/firmware/X301_v1.20_firmware.zip .\n  *   X332 V1.09 https://controlbyweb.com/firmware/X332_v1.09_firmware.zip .\n\n\n\n\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting in ControlByWeb Relays",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-6333",
        "datePublished": "2023-12-07T18:08:04.324Z",
        "dateReserved": "2023-11-27T16:35:14.892Z",
        "dateUpdated": "2026-02-25T16:50:54.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6333 (GCVE-0-2023-6333)

    Vulnerability from cvelistv5 – Published: 2023-12-07 18:08 – Updated: 2026-02-25 16:50
    VLAI
    Title
    Cross-site Scripting in ControlByWeb Relays
    Summary
    The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user's session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Credits
    Prajitesh Singh of Cyble
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:28:21.197Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-05"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-23T05:01:07.209014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T16:50:54.327Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "X-332-24I",
              "vendor": "ControlByWeb",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware 1.06"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "X-301-I",
              "vendor": "ControlByWeb",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware 1.15"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "X-301-24I",
              "vendor": "ControlByWeb",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware 1.15"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Prajitesh Singh of Cyble"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eThe affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user\u0027s session.\u003c/p\u003e\u003cbr\u003e\n\n"
                }
              ],
              "value": "\nThe affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user\u0027s session.\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-07T18:08:04.324Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-05"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eControlByWeb recommends users update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://controlbyweb.com/firmware/X301_v1.20_firmware.zip\"\u003eX301 V1.20\u003c/a\u003e.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://controlbyweb.com/firmware/X332_v1.09_firmware.zip\"\u003eX332 V1.09\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nControlByWeb recommends users update to the following versions:\n\n  *   X301 V1.20 https://controlbyweb.com/firmware/X301_v1.20_firmware.zip .\n  *   X332 V1.09 https://controlbyweb.com/firmware/X332_v1.09_firmware.zip .\n\n\n\n\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting in ControlByWeb Relays",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-6333",
        "datePublished": "2023-12-07T18:08:04.324Z",
        "dateReserved": "2023-11-27T16:35:14.892Z",
        "dateUpdated": "2026-02-25T16:50:54.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }