BACnet.Devices.Stored.Cross.Site.Scripting

description-logoDescription

This indicates an attack attempt against a Cross-Site Scripting vulnerability in BACNet devices.
The vulnerability is due to insufficient validation of packet when the vulnerable software handles a maliciously crafted request. It allows a remote attacker to execute arbitrary script code via a crafted UDP packet.

affected-products-logoAffected Products

all vulnerable applications utilizing the BACNet data structure.

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-03-13 14.572 Default_action:pass:drop
2019-02-22 14.559