TROYANOSYVIRUS
Back to CVEs

CVE-2022-22511

MEDIUM
5.4

Description

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

CVE Details

CVSS v3.1 Score5.4
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionREQUIRED
Published3/9/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

wago:750-8100wago:750-8100_firmwarewago:750-8101wago:750-8101\/025-000_firmwarewago:750-8101_firmwarewago:750-8102wago:750-8102\/025-000wago:750-8102\/025-000_firmwarewago:750-8102_firmwarewago:750-82wago:750-8202wago:750-8202\/000-012wago:750-8202\/000-012_firmwarewago:750-8202\/000-022wago:750-8202\/000-022_firmwarewago:750-8202\/025-000wago:750-8202\/025-000_firmwarewago:750-8202\/025-001wago:750-8202\/025-001_firmwarewago:750-8202_firmwarewago:750-82_firmwarewago:751-9301wago:751-9301_firmwarewago:752-8303\/8000-002wago:752-8303\/8000-002_firmwarewago:762-4205\/8000-002wago:762-4205\/8000-002_firmwarewago:762-4206\/8000-002wago:762-4206\/8000-002_firmwarewago:762-4305\/8000-002wago:762-4305\/8000-002_firmwarewago:762-4306\/8000-002wago:762-4306\/8000-002_firmwarewago:762-5205\/8000-001wago:762-5205\/8000-001_firmwarewago:762-5206\/8000-001wago:762-5206\/8000-001_firmwarewago:762-5305\/8000-002wago:762-5305\/8000-002_firmwarewago:762-5306\/8000-002wago:762-5306\/8000-002_firmwarewago:762-6301\/8000-002wago:762-6301\/8000-002_firmwarewago:762-6302\/8000-002wago:762-6302\/8000-002_firmwarewago:762-6303\/8000-002wago:762-6303\/8000-002_firmwarewago:762-6304\/8000-002wago:762-6304\/8000-002_firmware

Weaknesses (CWE)

CWE-79

References

https://cert.vde.com/en/advisories/VDE-2022-004/(info@cert.vde.com)
https://cert.vde.com/en/advisories/VDE-2022-004/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.