NVD Vulnerability Detail

CVE-2017-13754

Summary	Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.
Publication Date	Sept. 7, 2017, 10:29 p.m.
Registration Date	Jan. 26, 2021, 1:15 p.m.
Last Update	Nov. 21, 2024, 12:11 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:wibu:codemeter::::::::			6.50a

Related information, measures and tools

No	URL	タグ
1	http://seclists.org/fulldisclosure/2017/Sep/1	Exploit Mailing List Third Party Advisory
2	http://seclists.org/fulldisclosure/2017/Sep/1	Exploit Mailing List Third Party Advisory
3	http://www.securityfocus.com/archive/1/541119/100/0/threaded
4	http://www.securityfocus.com/archive/1/541119/100/0/threaded
5	http://www.securityfocus.com/bid/104433
6	http://www.securityfocus.com/bid/104433
7	https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02
8	https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02
9	https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133
10	https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133
11	https://www.exploit-db.com/exploits/42610/	Exploit Third Party Advisory VDB Entry
12	https://www.exploit-db.com/exploits/42610/	Exploit Third Party Advisory VDB Entry
13	https://www.vulnerability-lab.com/get_content.php?id=2074	Exploit Third Party Advisory
14	https://www.vulnerability-lab.com/get_content.php?id=2074	Exploit Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

JVN Vulnerability Information

Wibu-Systems CodeMeter におけるクロスサイトスクリプティングの脆弱性

Title	Wibu-Systems CodeMeter におけるクロスサイトスクリプティングの脆弱性
Summary	Wibu-Systems CodeMeter には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 4, 2017, midnight
Registration Date	Oct. 2, 2017, 6:07 p.m.
Last Update	July 10, 2019, 12:21 p.m.

Affected System

Wibu-Systems AG

CodeMeter 6.50b 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-13754	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13754
National Vulnerability Database (NVD)
2	CVE-2017-13754	https://nvd.nist.gov/vuln/detail/CVE-2017-13754

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
Wibu-Systems AG
1	CodeMeter	http://www.wibu.com/codemeter.html

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-18-102-02	https://www.us-cert.gov/ics/advisories/ICSA-18-102-02
関連文書
2	Wibu Systems CodeMeter 6.50 - Persistent XSS Vulnerability	https://www.vulnerability-lab.com/get_content.php?id=2074

Change Log

No	Changed Details	Date of change
0	[2017年10月02日] 掲載	Feb. 17, 2018, 10:37 a.m.
1	[2019年07月10日] 参考情報：ICS-CERT ADVISORY (ICSA-18-102-02) を追加	July 10, 2019, 12:20 p.m.