CVE-2022-4286

2023-02-1415:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-4286

cross-site scripting

xss

b&r automation runtime

security vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

36.8%

JSON

A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session.

Affected configurations

NVD

Node

br-automationautomation_runtimeRange3.00–c4.93

CPENameOperatorVersion
br-automation:automation_runtimebr-automation automation runtimelec4.93

CPE	Name	Operator	Version
br-automation:automation_runtime	br-automation automation runtime	le	c4.93

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "System Diagnostics Manager"
    ],
    "product": "B&R Automation Runtime",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThanOrEqual": "C4.93",
        "status": "affected",
        "version": ">=3.00",
        "versionType": "custom"
      }
    ]
  }
]