CVE-2025-1985

Summary

Due to improper neutralization of input during web page generation (XSS) an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device.

Affected Software

VendorProductVersion RangeStatus
Pepperl+FuchsProfinet Gateway FB8122A.1.EL0 < V1.3.13affected
Pepperl+FuchsProfinet Gateway LB8122A.1.EL0 < V1.3.13affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References