CVE-2019-13923 – This vulnerability allows cross-site scripting ... (How to Fix)

Q: What is the severity of CVE-2019-13923?

CVE-2019-13923 has a CVSS score of 9.6 (CRITICAL). This vulnerability allows cross-site scripting (XSS) attacks on Siemens IE/WSN-PA Link WirelessHART Gateways. Attackers can inject malicious scripts via specially crafted links, potentially compromising user sessions and device control. Users must be logged into the web interface for successful exploitation.

📋 TL;DR

This vulnerability allows cross-site scripting (XSS) attacks on Siemens IE/WSN-PA Link WirelessHART Gateways. Attackers can inject malicious scripts via specially crafted links, potentially compromising user sessions and device control. Users must be logged into the web interface for successful exploitation.

💻 Affected Systems

Products:

Siemens IE/WSN-PA Link WirelessHART Gateway

Versions: All versions

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices with the integrated configuration web server are affected. User interaction with malicious link required.

📦 What is this software?

Ie\/wsn Pa Link Wirelesshart Gateway Firmware by Siemens

View all CVEs affecting Ie\/wsn Pa Link Wirelesshart Gateway Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover, credential theft, installation of persistent backdoors, and lateral movement within industrial control networks.

🟠

Likely Case

Session hijacking, unauthorized configuration changes, and potential disruption of WirelessHART network operations.

🟢

If Mitigated

Limited to isolated session compromise if proper network segmentation and access controls are implemented.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires user to be logged into web interface and click malicious link. No public exploits known at advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to firmware version 4.0.1 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf

Restart Required: Yes

Instructions:

1. Download firmware update from Siemens support portal. 2. Backup current configuration. 3. Apply firmware update via web interface. 4. Restart device. 5. Verify update successful.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate WirelessHART gateways from untrusted networks and restrict web interface access

Access Control Lists

all

Implement strict firewall rules to limit access to gateway web interface

🧯 If You Can't Patch

Implement strict network segmentation to isolate devices from untrusted networks
Enforce strong authentication and session management controls

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface > System Information. Versions below 4.0.1 are vulnerable.

Check Version:

Access web interface and navigate to System Information page

Verify Fix Applied:

Verify firmware version shows 4.0.1 or later in System Information page.

📡 Detection & Monitoring

Log Indicators:

Unusual web interface access patterns
Multiple failed login attempts followed by successful login
Configuration changes from unexpected sources

Network Indicators:

HTTP requests with suspicious parameters to gateway web interface
Outbound connections from gateway to unexpected destinations

SIEM Query:

source="gateway_web_logs" AND (uri CONTAINS "script" OR uri CONTAINS "javascript" OR uri CONTAINS "onerror")

📊 Metadata

CVE ID: CVE-2019-13923

CVSS v3 Score: 9.6 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE: CWE-80

Published: September 13, 2019

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-13923, you might also want to check these: