CVE-2022-45137

Summary

The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.

Affected Software

VendorProductVersion RangeStatus
WAGOCompact Controller CC100 (751-9301)FW16 < FW22affected
WAGOCompact Controller CC100 (751-9301)FW22 Patch 1unaffected
WAGOCompact Controller CC100 (751-9301)FW23affected
WAGOEdge Controller (752-8303/8000-002)FW18 < FW22affected
WAGOEdge Controller (752-8303/8000-002)FW22 Patch 1unaffected
WAGOEdge Controller (752-8303/8000-002)FW23affected
WAGOPFC100 (750-81xx/xxx-xxx)FW16 < FW22affected
WAGOPFC100 (750-81xx/xxx-xxx)FW22 Patch 1unaffected
WAGOPFC100 (750-81xx/xxx-xxx)FW23affected
WAGOPFC200 (750-82xx/xxx-xxx)FW16 < FW22affected
WAGOPFC200 (750-82xx/xxx-xxx)FW22 Patch 1unaffected
WAGOPFC200 (750-82xx/xxx-xxx)FW23affected
WAGOTouch Panel 600 Advanced Line (762-5xxx)FW16 < FW22affected
WAGOTouch Panel 600 Advanced Line (762-5xxx)FW22 Patch 1unaffected
WAGOTouch Panel 600 Advanced Line (762-5xxx)FW23affected
WAGOTouch Panel 600 Marine Line (762-6xxx)FW16 < FW22affected
WAGOTouch Panel 600 Marine Line (762-6xxx)FW22 Patch 1unaffected
WAGOTouch Panel 600 Marine Line (762-6xxx)FW23affected
WAGOTouch Panel 600 Standard Line (762-4xxx)FW16 < FW22affected
WAGOTouch Panel 600 Standard Line (762-4xxx)FW22 Patch 1unaffected
WAGOTouch Panel 600 Standard Line (762-4xxx)FW23affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References