CVE-2022-45137

The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.

Published: Feb 27, 2023
Updated: Apr 14, 2023
CVE: CVE-2022-45137
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
wago / 751-9301_firmware	16	22
wago / 751-9301_firmware	22	22.x
wago / 751-9301_firmware	23	23.x
wago / 752-8303/8000-002_firmware	18	22
wago / 752-8303/8000-002_firmware	22	22.x
wago / 752-8303/8000-002_firmware	23	23.x
wago / pfc100_firmware	16	22
wago / pfc100_firmware	22	22.x
wago / pfc100_firmware	23	23.x
wago / pfc200_firmware	16	22
wago / pfc200_firmware	22	22.x
wago / pfc200_firmware	23	23.x
wago / touch_panel_600_advanced_firmware	16	22
wago / touch_panel_600_advanced_firmware	22	22.x
wago / touch_panel_600_advanced_firmware	23	23.x
wago / touch_panel_600_marine_firmware	16	22
wago / touch_panel_600_marine_firmware	22	22.x
wago / touch_panel_600_marine_firmware	23	23.x
wago / touch_panel_600_standard_firmware	16	22
wago / touch_panel_600_standard_firmware	22	22.x
wago / touch_panel_600_standard_firmware	23	23.x

https://cert.vde.com/en/advisories/VDE-2022-060/

Vulnerability Database

289,697

CVE-2022-45137