CVE-2022-3073

Published: Dec 14, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: info@cert.vde.com (Secondary)

Description

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.

Affected (9)

Products: Weidmueller: 19 Iot Md01 Lan H4 S0011 Firmware, Fp Iot Md01 4eu S2 00000 Firmware, Fp Iot Md01 Lan S2 00000 Firmware, Fp Iot Md01 Lan S2 00011 Firmware, Fp Iot Md02 4eu S3 00000 Firmware, Iot Gw30 Firmware, Iot Gw30 4g Eu Firmware, Uc20 Wl2000 Ac Firmware, Uc20 Wl2000 Iot Firmware

Weidmueller

9 products

19 Iot Md01 Lan H4 S0011 Firmware

Fp Iot Md01 4eu S2 00000 Firmware

Fp Iot Md01 Lan S2 00000 Firmware

Fp Iot Md01 Lan S2 00011 Firmware

Fp Iot Md02 4eu S3 00000 Firmware

Iot Gw30 Firmware

Iot Gw30 4g Eu Firmware

Uc20 Wl2000 Ac Firmware

Uc20 Wl2000 Iot Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller 19 Iot Md01 Lan H4 S0011 Firmware	All versions

Running on/with	Platform Versions
Weidmueller 19 Iot Md01 Lan H4 S0011	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Fp Iot Md01 4eu S2 00000 Firmware	All versions

Running on/with	Platform Versions
Weidmueller Fp Iot Md01 4eu S2 00000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Fp Iot Md01 Lan S2 00000 Firmware	All versions

Running on/with	Platform Versions
Weidmueller Fp Iot Md01 Lan S2 00000	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Fp Iot Md01 Lan S2 00011 Firmware	All versions

Running on/with	Platform Versions
Weidmueller Fp Iot Md01 Lan S2 00011	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Fp Iot Md02 4eu S3 00000 Firmware	All versions

Running on/with	Platform Versions
Weidmueller Fp Iot Md02 4eu S3 00000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Iot Gw30 Firmware	Up to 1.16.0

Running on/with	Platform Versions
Weidmueller Iot Gw30	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Iot Gw30 4g Eu Firmware	Up to 1.16.0

Running on/with	Platform Versions
Weidmueller Iot Gw30 4g Eu	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Uc20 Wl2000 Ac Firmware	Up to 1.16.0

Running on/with	Platform Versions
Weidmueller Uc20 Wl2000 Ac	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Uc20 Wl2000 Iot Firmware	Up to 1.16.0

Running on/with	Platform Versions
Weidmueller Uc20 Wl2000 Iot	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://cert.vde.com/de/advisories/VDE-2022-056/

Source: info@cert.vde.com

Third Party Advisory

https://cert.vde.com/de/advisories/VDE-2022-056/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.