Lucene search

[email protected]NVD:CVE-2022-22511

HistoryMar 09, 2022 - 8:15 p.m.

CVE-2022-22511

2022-03-0920:15:08

CWE-79

[email protected]

web.nvd.nist.gov

configuration pages

reflected xss

cross-site scripting

authorized attacker

confidential information

compromised

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

Affected configurations

Nvd

Node

wago750-8100_firmwareRangefw16–fw22

AND

wago750-8100Match-

Node

wago750-8101_firmwareRangefw16–fw22

AND

wago750-8101Match-

Node

wago750-8102_firmwareRangefw16–fw22

AND

wago750-8102Match-

Node

wago751-9301_firmwareRangefw16–fw22

AND

wago751-9301Match-

Node

wago750-8202_firmwareRangefw16–fw22

AND

wago750-8202Match-

Node

wago762-4205\/8000-002_firmwareRangefw16–fw22

AND

wago762-4205\/8000-002Match-

Node

wago762-4206\/8000-002_firmwareRangefw16–fw22

AND

wago762-4206\/8000-002Match-

Node

wago762-4305\/8000-002_firmwareRangefw16–fw22

AND

wago762-4305\/8000-002Match-

Node

wago762-4306\/8000-002_firmwareRangefw16–fw22

AND

wago762-4306\/8000-002Match-

Node

wago762-5205\/8000-001_firmwareRangefw16–fw22

AND

wago762-5205\/8000-001Match-

Node

wago762-5206\/8000-001_firmwareRangefw16–fw22

AND

wago762-5206\/8000-001Match-

Node

wago762-5305\/8000-002_firmwareRangefw16–fw22

AND

wago762-5305\/8000-002Match-

Node

wago762-5306\/8000-002_firmwareRangefw16–fw22

AND

wago762-5306\/8000-002Match-

Node

wago762-6301\/8000-002_firmwareRangefw16–fw22

AND

wago762-6301\/8000-002Match-

Node

wago762-6302\/8000-002_firmwareRangefw16–fw22

AND

wago762-6302\/8000-002Match-

Node

wago762-6303\/8000-002_firmwareRangefw16–fw22

AND

wago762-6303\/8000-002Match-

Node

wago762-6304\/8000-002_firmwareRangefw16–fw22

AND

wago762-6304\/8000-002Match-

Node

wago750-8102\/025-000_firmwareRangefw16–fw22

AND

wago750-8102\/025-000Match-

Node

wago750-8101\/025-000_firmwareRangefw16–fw22

AND

wago750-8102\/025-000Match-

Node

wago750-82_firmwareRangefw16–fw22

AND

wago750-82Match-

Node

wago750-8202\/000-012_firmwareRangefw16–fw22

AND

wago750-8202\/000-012Match-

Node

wago750-8202\/000-022_firmwareRangefw16–fw22

AND

wago750-8202\/000-022Match-

Node

wago750-8202\/025-001_firmwareRangefw16–fw22

AND

wago750-8202\/025-001Match-

Node

wago750-8202\/025-000_firmwareRangefw16–fw22

AND

wago750-8202\/025-000Match-

Node

wago752-8303\/8000-002_firmwareRangefw16–fw22

AND

wago752-8303\/8000-002Match-

VendorProductVersionCPE
wago750-8100_firmware*cpe:2.3:o:wago:750-8100_firmware:*:*:*:*:*:*:*:*
wago750-8100-cpe:2.3:h:wago:750-8100:-:*:*:*:*:*:*:*
wago750-8101_firmware*cpe:2.3:o:wago:750-8101_firmware:*:*:*:*:*:*:*:*
wago750-8101-cpe:2.3:h:wago:750-8101:-:*:*:*:*:*:*:*
wago750-8102_firmware*cpe:2.3:o:wago:750-8102_firmware:*:*:*:*:*:*:*:*
wago750-8102-cpe:2.3:h:wago:750-8102:-:*:*:*:*:*:*:*
wago751-9301_firmware*cpe:2.3:o:wago:751-9301_firmware:*:*:*:*:*:*:*:*
wago751-9301-cpe:2.3:h:wago:751-9301:-:*:*:*:*:*:*:*
wago750-8202_firmware*cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*
wago750-8202-cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wago	750-8100_firmware	*	cpe:2.3:o:wago:750-8100_firmware::::::::
wago	750-8100	-	cpe:2.3:h:wago:750-8100:-:::::::*
wago	750-8101_firmware	*	cpe:2.3:o:wago:750-8101_firmware::::::::
wago	750-8101	-	cpe:2.3:h:wago:750-8101:-:::::::*
wago	750-8102_firmware	*	cpe:2.3:o:wago:750-8102_firmware::::::::
wago	750-8102	-	cpe:2.3:h:wago:750-8102:-:::::::*
wago	751-9301_firmware	*	cpe:2.3:o:wago:751-9301_firmware::::::::
wago	751-9301	-	cpe:2.3:h:wago:751-9301:-:::::::*
wago	750-8202_firmware	*	cpe:2.3:o:wago:750-8202_firmware::::::::
wago	750-8202	-	cpe:2.3:h:wago:750-8202:-:::::::*

Rows per page:

1-10 of 491

References

cert.vde.com/en/advisories/VDE-2022-004/

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2022-22511

prion1 cve2 nessus1 cvelist1 nvd1