CVE-2022-22511

Summary

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

Affected Software

VendorProductVersion RangeStatus
WAGOCompact Controller CC100 (751-9301)FW16 < FW22affected
WAGOEdge Controller (752-8303/8000-002)FW16 < FW22affected
WAGOSeries PFC100 (750-81xx/xxx-xxx)FW16 < FW22affected
WAGOSeries PFC200 (750-82xx/xxx-xxx)FW16 < FW22affected
WAGOSeries Touch Panel 600 Advanced Line (762-5xxx)FW16 FW22affected
WAGOSeries Touch Panel 600 Marine Line (762-6xxx)FW16 FW22affected
WAGOSeries Touch Panel 600 Standard Line (762-4xxx)FW16 FW22affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References