History: Feb 14, 2023 - 2:25 p.m.

CVE-2022-4286 Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime

2023-02-14 14:25:37
CWE-79
ABB
www.cve.org
cve-2022-4286
xss
automation runtime
system diagnostics manager
b&r
remote attacker
javascript
browser session

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 43.1%

A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the user's browser session.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "System Diagnostics Manager"
    ],
    "product": "B&R Automation Runtime",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThanOrEqual": "C4.93",
        "status": "affected",
        "version": ">=3.00",
        "versionType": "custom"
      }
    ]
  }
]
