CVE-2018-25090

Summary

An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact of confidentiality and integrity but no impact of availability.

Affected Software

VendorProductVersion RangeStatus
WAGOController BACnet/IP0 <= FW13affected
WAGOController BACnet MS/TP0 <= FW13affected
WAGOEthernet Controller 3rd Generation0 <= FW13affected
WAGOEthernet Controller 3rd Generation0 <= FW13affected
WAGOFieldbus Coupler Ethernet 3rd Generation0 <= FW13affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References