Description

HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by host browser the next time the page is loaded, enabling social engineering attacks.

INFO

Published Date :

2024-07-25T19:53:44.420Z

Last Modified :

2025-08-27T20:43:00.244Z

Source :

icscert
AFFECTED PRODUCTS

The following products are affected by CVE-2024-6558 vulnerability.

Vendors Products
Hms-networks
  • Anybus Compactcom 30 Module Ethernet\/ip
  • Anybus Compactcom 30 Module Ethernet\/ip Firmware
  • Anybus Compactcom 30 Module Usb Without Housing
  • Anybus Compactcom 30 Module Usb Without Housing Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6558.

URL Resource
https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-05-17-001---anybus---compactcom-30-xss.pdf cve-icon cve-icon
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-20 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact