Lucene search

[email protected]CVE-2022-45137

HistoryFeb 27, 2023 - 3:15 p.m.

CVE-2022-45137

2023-02-2715:15:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-45137

configuration backend

web-based management

reflected xss

cross-site scripting

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

26.9%

JSON

The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.

CPENameOperatorVersion
wago:751-9301_firmwarewago 751-9301 firmwarelt22
wago:751-9301_firmwarewago 751-9301 firmwareeq23
wago:752-8303\/8000-002_firmwarewago 752-8303\/8000-002 firmwarelt22
wago:752-8303\/8000-002_firmwarewago 752-8303\/8000-002 firmwareeq23
wago:pfc100_firmwarewago pfc100 firmwarelt22
wago:pfc100_firmwarewago pfc100 firmwareeq23
wago:pfc200_firmwarewago pfc200 firmwarelt22
wago:pfc200_firmwarewago pfc200 firmwareeq23
wago:touch_panel_600_advanced_firmwarewago touch panel 600 advanced firmwarelt22
wago:touch_panel_600_advanced_firmwarewago touch panel 600 advanced firmwareeq23

CPE	Name	Operator	Version
wago:751-9301_firmware	wago 751-9301 firmware	lt	22
wago:751-9301_firmware	wago 751-9301 firmware	eq	23
wago:752-8303\/8000-002_firmware	wago 752-8303\/8000-002 firmware	lt	22
wago:752-8303\/8000-002_firmware	wago 752-8303\/8000-002 firmware	eq	23
wago:pfc100_firmware	wago pfc100 firmware	lt	22
wago:pfc100_firmware	wago pfc100 firmware	eq	23
wago:pfc200_firmware	wago pfc200 firmware	lt	22
wago:pfc200_firmware	wago pfc200 firmware	eq	23
wago:touch_panel_600_advanced_firmware	wago touch panel 600 advanced firmware	lt	22
wago:touch_panel_600_advanced_firmware	wago touch panel 600 advanced firmware	eq	23

Rows per page:

1-10 of 141

References

cert.vde.com/en/advisories/VDE-2022-060/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for CVE-2022-45137

prion1 nessus1 cvelist1 thn1