CVE-2024-6558 is a Cross-site Scripting (XSS) vulnerability identified in HMS Industrial Networks' Anybus-CompactCom 30 products. This vulnerability arises due to insufficient input sanitation on user-supplied data fields, allowing attackers to inject malicious HTML or JavaScript code. The injected code is stored persistently and executed by the host browser when the affected page is loaded, enabling attackers to perform social engineering attacks such as session hijacking, credential theft, or delivering further malware payloads. The vulnerability affects all versions of Anybus-CompactCom 30, which are industrial communication modules widely used for integrating industrial devices with various fieldbus and industrial Ethernet networks. The CVSS 3.1 base score is 6.3 (medium severity), reflecting that the attack vector is network-based (AV:N), requires no privileges (PR:N), but does require user interaction (UI:R). The impact includes limited confidentiality, integrity, and availability consequences, as the vulnerability primarily targets the web interface used for device configuration or monitoring. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability was reserved on July 8, 2024, and published on July 25, 2024, with enrichment from ICS-CERT, indicating its relevance to industrial control systems security. Given the nature of the product and its deployment in industrial environments, exploitation could lead to unauthorized access to device management interfaces, potentially disrupting industrial processes or enabling lateral movement within operational technology (OT) networks.

For European organizations, especially those operating in manufacturing, energy, transportation, and critical infrastructure sectors, this vulnerability poses a moderate risk. Anybus-CompactCom 30 modules are commonly embedded in industrial equipment for communication purposes, making them integral to operational technology environments. Successful exploitation could allow attackers to execute malicious scripts in the context of the device management web interface, potentially leading to credential theft or manipulation of device settings. This could disrupt industrial processes, cause downtime, or facilitate further attacks within OT networks. The impact on confidentiality is limited but non-negligible, as sensitive configuration data could be exposed. Integrity and availability impacts are also possible if attackers manipulate device parameters or cause denial of service through crafted inputs. The requirement for user interaction (e.g., an operator accessing the compromised web interface) somewhat limits exploitation but does not eliminate risk, especially in environments where multiple users access these interfaces regularly. Given the increasing targeting of European industrial sectors by cyber adversaries, this vulnerability could be leveraged in targeted attacks against critical infrastructure or manufacturing plants, potentially causing operational disruptions and economic losses.

1. Immediate mitigation should focus on restricting access to the Anybus-CompactCom 30 web interfaces by implementing network segmentation and strict access controls, limiting interface exposure to trusted personnel only. 2. Employ web application firewalls (WAFs) or intrusion prevention systems (IPS) capable of detecting and blocking XSS payloads targeting these devices. 3. Train operators and administrators to recognize suspicious web interface behaviors and avoid interacting with untrusted links or inputs that could trigger malicious scripts. 4. Monitor logs and network traffic for unusual activity related to the management interfaces of Anybus-CompactCom 30 devices. 5. Coordinate with HMS Industrial Networks for timely release and deployment of official patches or firmware updates addressing this vulnerability. 6. Where possible, implement input validation or sanitization proxies that can filter out malicious HTML/JavaScript before it reaches the device. 7. Conduct regular security assessments and penetration tests focusing on OT web interfaces to identify and remediate similar vulnerabilities proactively.