May 18, 2022 - 3:15 p.m.

CVE-2022-28717

2022-05-18 15:15:10
CWE-79
web.nvd.nist.gov
cve-2022-28717
cross-site scripting
rebooter
scheduler
security vulnerability
nvd
injection
firmware
remote attack

CVSS2: 3.5 Low

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3: 4.8 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.7 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 29.3%)

Cross-site scripting vulnerability in Rebooter (WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter (PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler (TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter (POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker with administrative privileges to inject an arbitrary script via unspecified vectors.

Affected configurations

NVD
Node: meikyo watch_boot_nino_rpc-m2c_firmware (Match: -) AND meikyo watch_boot_nino_rpc-m2c (Match: -)
Node: meikyo watch_boot_light_rpc-m5c_firmware (Match: -) AND meikyo watch_boot_light_rpc-m5c (Match: -)
Node: meikyo watch_boot_l-zero_rpc-m4l_firmware (Match: -) AND meikyo watch_boot_l-zero_rpc-m4l (Match: -)
Node: meikyo watch_boot_mini_rpc-m4h_firmware (Match: -) AND meikyo watch_boot_mini_rpc-m4h (Match: -)
Node: meikyo watch_boot_nino_rpc-m2cs_firmware (Range: 1.00a to 1.00d) AND meikyo watch_boot_nino_rpc-m2cs (Match: -)
Node: meikyo watch_boot_light_rpc-m5cs_firmware (Range: 1.00a to 1.00d) AND meikyo watch_boot_light_rpc-m5cs (Match: -)
Node: meikyo watch_boot_l-zero_rpc-m4ls_firmware (Range: 1.00a to 1.20a) AND meikyo watch_boot_l-zero_rpc-m4ls (Match: -)
Node: meikyo signage_rebooter_rpc-m4hsi_firmware (Match: 1.00a) AND meikyo signage_rebooter_rpc-m4hsi (Match: -)
Node: meikyo poe_boot_nino_poe8m2_firmware (Range: 1.00a to 1.20a) AND meikyo poe_boot_nino_poe8m2 (Match: -)
Node: meikyo time_boot_mini_rsc-mt4h_firmware (Match: -) AND meikyo time_boot_mini_rsc-mt4h (Match: -)
Node: meikyo time_boot_rsc-mt8f_firmware (Match: -) AND meikyo time_boot_rsc-mt8f (Match: -)
Node: meikyo time_boot_rsc-mt8fp_firmware (Match: -) AND meikyo time_boot_rsc-mt8fp (Match: -)
Node: meikyo time_boot_mini_rsc-mt4hs_firmware (Range: 1.00a to 1.10a) AND meikyo time_boot_mini_rsc-mt4hs (Match: -)
Node: meikyo time_boot_rsc-mt8fs_firmware (Range: 1.00a to 1.00e) AND meikyo time_boot_rsc-mt8fs (Match: -)
Node: meikyo pose_se10-8a7b1_firmware (Range: 1.00a to 1.20a) OR meikyo pose_se10-8a7b1_firmware (Match: -) AND meikyo pose_se10-8a7b1 (Match: -)

CNA Affected

[
  {
    "product": "Rebooter, PoE Rebooter, Scheduler, and Contact Converter",
    "vendor": "MEIKYO ELECTRIC CO.,LTD.",
    "versions": [
      {
        "status": "affected",
        "version": "Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A,and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A)"
      }
    ]
  }
]
