cvelist | CERTVDE | CVELIST:CVE-2022-42786
History: Nov 10, 2022 - 11:02 a.m.

CVE-2022-42786 Wiesemann & Theis: XSS vulnerability in web interface of the Com-Server family

2022-11-10 11:02:32
CWE-79
CERTVDE
www.cve.org

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 29.2%

Multiple W&T products of the Com-Server series are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server LC",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.48",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server PoE 3 x Isolated",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.48",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server 20mA",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.48",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server ++",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.48",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AT-Modem-Emulator",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.48",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server UL",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.48",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server Highspeed 100BaseFX",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.76",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server Highspeed 100BaseLX",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.76",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server Highspeed Office 1 Port",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.76",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server Highspeed Office 4 Port",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.76",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server Highspeed Industry",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.76",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server Highspeed OEM",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.76",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server Highspeed Compact",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.76",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server Highspeed Isolated",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.76",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server Highspeed 19\" 1Port",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.76",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server Highspeed 19\" 4Port",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.76",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Com-Server Highspeed PoE",
    "vendor": "Wiesemann & Theis",
    "versions": [
      {
        "lessThan": "1.76",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  }
]
