Lucene search
China National Vulnerability DatabaseCNVD-2022-17789HistoryMar 09, 2022 - 12:00 a.m.
Siemens Climatix POL909 (AWM and AWB)跨站脚本漏洞
2022-03-0900:00:00
China National Vulnerability Database
www.cnvd.org.cn
15
0.001 Low
EPSS
Percentile
31.5%
Siemens Climatix AWB (Advanced Web and BACnet Module, POL909) enables users of the Climatix 600 solution to connect to a BACnet IP network and implement and load customer web pages and features. Siemens Climatix AWM (Advanced Web Module, POL909) enables users of the Climatix 600 solution to implement and load customer web pages and features. The Siemens Climatix POL909 (AWM and AWB) contains a cross-site scripting vulnerability that could be exploited to send malicious JavaScript code that could hijack a user’s cookie /session token, redirect the user to a malicious web page, and perform unexpected browser actions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| Siemens Climatix POL909 (AWB module) < V | eq | 11.44 | |
| Siemens Climatix POL909 (AWM module) < V | eq | 11.36 |
Related
cve
cve
CVE-2021-41541
2022-03-08 12:15:10
nvd
nvd
CVE-2021-41541
2022-03-08 12:15:10
cvelist
cvelist
CVE-2021-41541
2022-03-08 11:31:09
prion
prion
Cross site scripting
2022-03-08 12:15:00
ics
ics
Siemens Climatix POL909
2022-03-10 12:00:00