CVE-2022-22511
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | Compact Controller CC100 (751-9301) | FW16 < FW22 | affected |
| WAGO | Edge Controller (752-8303/8000-002) | FW16 < FW22 | affected |
| WAGO | Series PFC100 (750-81xx/xxx-xxx) | FW16 < FW22 | affected |
| WAGO | Series PFC200 (750-82xx/xxx-xxx) | FW16 < FW22 | affected |
| WAGO | Series Touch Panel 600 Advanced Line (762-5xxx) | FW16 FW22 | affected |
| WAGO | Series Touch Panel 600 Marine Line (762-6xxx) | FW16 FW22 | affected |
| WAGO | Series Touch Panel 600 Standard Line (762-4xxx) | FW16 FW22 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.