{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T21:46:22.139","vulnerabilities":[{"cve":{"id":"CVE-2014-5417","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2014-11-05T11:55:06.827","lastModified":"2025-11-05T00:15:33.907","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de XSS en Meinberg NTP Server firmware en los dispositivos LANTIME M-Series 6.15.019 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados."}],"metrics":{"cvssMetricV2":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:meinberg:ntp_server_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9ECC0D7C-3328-432F-8048-CA46CE46C184"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:meinberg:lantime_m100:*:*:*:*:*:*:*:*","versionEndIncluding":"6.15.0.19","matchCriteriaId":"6E0C144F-4A90-43DC-982E-2330DF8FF698"},{"vulnerable":true,"criteria":"cpe:2.3:h:meinberg:lantime_m200:*:*:*:*:*:*:*:*","versionEndIncluding":"6.15.0.19","matchCriteriaId":"BDB2B731-6454-430D-8F63-7C77D54EAF63"},{"vulnerable":true,"criteria":"cpe:2.3:h:meinberg:lantime_m300:*:*:*:*:*:*:*:*","versionEndIncluding":"6.15.0.19","matchCriteriaId":"7B34BA5C-CCE1-408B-86AB-073AC4C7266F"},{"vulnerable":true,"criteria":"cpe:2.3:h:meinberg:lantime_m3000:*:*:*:*:*:*:*:*","versionEndIncluding":"6.15.0.19","matchCriteriaId":"EF533BFB-F7F9-4352-8178-4BC668A56C69"},{"vulnerable":true,"criteria":"cpe:2.3:h:meinberg:lantime_m400:*:*:*:*:*:*:*:*","versionEndIncluding":"6.15.0.19","matchCriteriaId":"CAEF244D-4FAC-4D2F-8694-6DF0CFEDFBFA"},{"vulnerable":true,"criteria":"cpe:2.3:h:meinberg:lantime_m600:*:*:*:*:*:*:*:*","versionEndIncluding":"6.15.0.19","matchCriteriaId":"7B6AAA23-D87F-4BDD-A147-6689E75D3800"},{"vulnerable":true,"criteria":"cpe:2.3:h:meinberg:lantime_m900:*:*:*:*:*:*:*:*","versionEndIncluding":"6.15.0.19","matchCriteriaId":"D1D98DB4-88A1-4113-A7B7-ECE0FC616371"}]}]}],"references":[{"url":"http://news.meinberg.de/259","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1404-lantime-web-interface-cross-site-scripting-vulnerability.htm","source":"ics-cert@hq.dhs.gov","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/70847","source":"ics-cert@hq.dhs.gov"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-275-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-275-01","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1404-lantime-web-interface-cross-site-scripting-vulnerability.htm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/70847","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-14-275-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}