← Zuruck zu CVEs
CVE-2022-22511
MEDIUM5.4
Beschreibung
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
CVE Details
CVSS v3.1 Bewertung5.4
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht3/9/2022
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
wago:750-8100wago:750-8100_firmwarewago:750-8101wago:750-8101\/025-000_firmwarewago:750-8101_firmwarewago:750-8102wago:750-8102\/025-000wago:750-8102\/025-000_firmwarewago:750-8102_firmwarewago:750-82wago:750-8202wago:750-8202\/000-012wago:750-8202\/000-012_firmwarewago:750-8202\/000-022wago:750-8202\/000-022_firmwarewago:750-8202\/025-000wago:750-8202\/025-000_firmwarewago:750-8202\/025-001wago:750-8202\/025-001_firmwarewago:750-8202_firmwarewago:750-82_firmwarewago:751-9301wago:751-9301_firmwarewago:752-8303\/8000-002wago:752-8303\/8000-002_firmwarewago:762-4205\/8000-002wago:762-4205\/8000-002_firmwarewago:762-4206\/8000-002wago:762-4206\/8000-002_firmwarewago:762-4305\/8000-002wago:762-4305\/8000-002_firmwarewago:762-4306\/8000-002wago:762-4306\/8000-002_firmwarewago:762-5205\/8000-001wago:762-5205\/8000-001_firmwarewago:762-5206\/8000-001wago:762-5206\/8000-001_firmwarewago:762-5305\/8000-002wago:762-5305\/8000-002_firmwarewago:762-5306\/8000-002wago:762-5306\/8000-002_firmwarewago:762-6301\/8000-002wago:762-6301\/8000-002_firmwarewago:762-6302\/8000-002wago:762-6302\/8000-002_firmwarewago:762-6303\/8000-002wago:762-6303\/8000-002_firmwarewago:762-6304\/8000-002wago:762-6304\/8000-002_firmware
Schwachen (CWE)
CWE-79
Referenzen
https://cert.vde.com/en/advisories/VDE-2022-004/(info@cert.vde.com)
https://cert.vde.com/en/advisories/VDE-2022-004/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.