CVE-2022-40190

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...

CVE-2022-40190

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...

Cross site scripting

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...

CVE-2022-40190

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...

CVE-2022-40190

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...

CVE-2022-40190

SAUTER moduWeb firmware version 2.7.1 is affected by a reflective cross-site scripting (XSS) vulnerability due to insufficient sanitization of request strings. This can allow an attacker to execute malicious JavaScript in a user’s browser and potentially steal credentials or other sensitive data....

PT-2022-25271 · Sauter Controls · Sauter Controls Moduweb

Name of the Vulnerable Software and Affected Versions: SAUTER Controls moduWeb firmware version 2.7.1 Description: The web application does not adequately sanitize request strings of malicious JavaScript, allowing an attacker to execute malicious code in users' browsers and steal sensitive...

SAUTER Controls moduWeb

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SAUTER Controls Equipment: moduWeb Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to trick users into clicking on malicious...

Sauter moduWeb Vision Vulnerabilities

OVERVIEW Martin Jartelius and John Stock of Outpost24 have identified three vulnerabilities in Sauter’s moduWeb Vision application. Sauter has produced a new firmware version to mitigate these vulnerabilities. The researchers have tested the new firmware version to validate that it resolves the...

Sauter moduWeb Vision Certificate Insecure Storage Vulnerability

Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. Sauter modoWeb Vision uses an insecure method of storing credentials, allowing remote attackers to bypass authentication by exploiting this vulnerability...

Sauter moduWeb Vision Security Bypass Vulnerability

Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. Sauter modoWeb Vision transmits data in plaintext. A remote attacker could use this vulnerability to obtain credentials and bypass authentication...

Sauter moduWeb Vision Web Server Cross-Site Scripting Vulnerability

Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. A cross-site scripting vulnerability exists in the web server of Sauter modoWeb Vision, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain access to...

CVE-2015-7916

Cross-site scripting XSS vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...

CVE-2015-7915

Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2015-7914

Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password...

CVE-2015-7915

Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2015-7914

Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password...

Cross site scripting

Cross-site scripting XSS vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...

Design/Logic Flaw

Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2015-7916

Cross-site scripting XSS vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...