CVE-2024-9414

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Oct 17, 2024 / Updated: 33d ago

CVSS 7 (High) / EPSS 0.04%

In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9414

Oct 17, 2024 at 4:15 PM

First Article

Feedly found the first article mentioning CVE-2024-9414.

Oct 17, 2024 at 4:16 PM / VulDB Recent Entries

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 17, 2024 at 4:16 PM

CVSS

A CVSS base score of 7 has been assigned.

Oct 17, 2024 at 4:20 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 18, 2024 at 10:20 AM

Affected Systems

Laquisscada/scada

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch

References

LCDS LAquis SCADA
In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

News

1.763
Newly Added (6): Devolutions Server DEVO-2024-0013 Authorization Bypass Vulnerability; LAquis SCADA CVE-2024-9414 Cross-Site Scripting Vulnerability; Security Vulnerabilities fixed in Splunk 2024-10-14; Grafana CVE-2023-6152 Authorization Bypass Vulnerability; Security Vulnerabilities fixed in PaperCut NG/MF 23.0.9; ImageMagick CVE-2023-5341 Use After Free Vulnerability. Modified (1): Security Vulnerabilities fixed in Microsoft Edge 130.0.2849.46.
Cross-site scripting in LCDS LAquis SCADA
A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
CVE-2024-9414
Medium Severity. Description: In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions. Read more at https://www.tenable.com/cve/CVE-2024-9414

CVSS V3.1

Unknown
