CVE-2021-41542

2022-03-0811:31:11

CWE-79

siemens

www.cve.org

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.

CNA Affected

[
  {
    "product": "Climatix POL909 (AWB module)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V11.44"
      }
    ]
  },
  {
    "product": "Climatix POL909 (AWM module)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V11.36"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf