TROYANOSYVIRUS
Volver a CVEs

CVE-2022-22511

MEDIUM
5.4

Descripcion

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

Detalles CVE

Puntuacion CVSS v3.15.4
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado3/9/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

wago:750-8100wago:750-8100_firmwarewago:750-8101wago:750-8101\/025-000_firmwarewago:750-8101_firmwarewago:750-8102wago:750-8102\/025-000wago:750-8102\/025-000_firmwarewago:750-8102_firmwarewago:750-82wago:750-8202wago:750-8202\/000-012wago:750-8202\/000-012_firmwarewago:750-8202\/000-022wago:750-8202\/000-022_firmwarewago:750-8202\/025-000wago:750-8202\/025-000_firmwarewago:750-8202\/025-001wago:750-8202\/025-001_firmwarewago:750-8202_firmwarewago:750-82_firmwarewago:751-9301wago:751-9301_firmwarewago:752-8303\/8000-002wago:752-8303\/8000-002_firmwarewago:762-4205\/8000-002wago:762-4205\/8000-002_firmwarewago:762-4206\/8000-002wago:762-4206\/8000-002_firmwarewago:762-4305\/8000-002wago:762-4305\/8000-002_firmwarewago:762-4306\/8000-002wago:762-4306\/8000-002_firmwarewago:762-5205\/8000-001wago:762-5205\/8000-001_firmwarewago:762-5206\/8000-001wago:762-5206\/8000-001_firmwarewago:762-5305\/8000-002wago:762-5305\/8000-002_firmwarewago:762-5306\/8000-002wago:762-5306\/8000-002_firmwarewago:762-6301\/8000-002wago:762-6301\/8000-002_firmwarewago:762-6302\/8000-002wago:762-6302\/8000-002_firmwarewago:762-6303\/8000-002wago:762-6303\/8000-002_firmwarewago:762-6304\/8000-002wago:762-6304\/8000-002_firmware

Debilidades (CWE)

CWE-79

Referencias

https://cert.vde.com/en/advisories/VDE-2022-004/(info@cert.vde.com)
https://cert.vde.com/en/advisories/VDE-2022-004/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.