
CVE-2024-6558: HMS Industrial Networks Anybus-CompactCom 30 Cross-site Scripting

6.3 CVSS

Description

HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to an XSS attack caused by the lack of input sanitization checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by the host browser the next time the page is loaded, enabling social engineering attacks.

Classification

CVE ID: CVE-2024-6558

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Problem Types

CWE-79 Cross-site Scripting

Affected Products

Vendor: HMS Industrial Networks

Product: Anybus-CompactCom 30

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.1% (probability of being exploited)

EPSS Percentile: 28.06% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-05-30 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact:

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-6558
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-20
https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-05-17-001---anybus---compactcom-30-xss.pdf
