CVE-2025-3020
5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wiesemann & Theis | ERP-Gateway 12x Digital Input, 6x Digital Relais | all | affected |
| Wiesemann & Theis | ERP-Gateway 2x Digital Input, 2x Digital Output | all | affected |
| Wiesemann & Theis | ERP-Gateway 2x Digital PoE | all | affected |
| Wiesemann & Theis | Web-Alarm 6x6 DigitalWeb-Alarm 6x6 Digital | all | affected |
| Wiesemann & Theis | Web-Count 6x Digital | 0 < 3.79 | affected |
| Wiesemann & Theis | Web-Graph Air Quality | all | affected |
| Wiesemann & Theis | Web-IO 12x Digital Input, 6x Digital Relais | all | affected |
| Wiesemann & Theis | Web-IO 12x Digital Input, 6x Digital Relais | all | affected |
| Wiesemann & Theis | Web-IO 12x Digital Input, 6x Digital Relais | all | affected |
| Wiesemann & Theis | Web-IO Analog-In/Out 2x 0/4..20mA PoE | all | affected |
| Wiesemann & Theis | Web-IO Digital 12xIn, 12xOut | all | affected |
| Wiesemann & Theis | Web-IO Digital 12xIn, 12xOut | all | affected |
| Wiesemann & Theis | Web-IO Digital 12xIn, 12xOut | 0 < 4.08 | affected |
| Wiesemann & Theis | Web-IO Digital 12xIn, 12xOut, 1xRS232 | all | affected |
| Wiesemann & Theis | Web-IO Digital 12xIn, 12xOut, 1xRS232 | all | affected |
| Wiesemann & Theis | Web-IO Digital 2xIn, 2xOut | all | affected |
| Wiesemann & Theis | Web-IO Digital 2xIn, 2xOut | all | affected |
| Wiesemann & Theis | Web-IO Digital 2xIn, 2xOut | all | affected |
| Wiesemann & Theis | Web-IO Digital Logger 6xIn, 6xOut | 0 < 3.70 | affected |
| Wiesemann & Theis | Web-Thermograph 2x | all | affected |
| Wiesemann & Theis | Web-Thermograph 8x | all | affected |
| Wiesemann & Theis | Web-Thermograph NTC | all | affected |
| Wiesemann & Theis | Web-Thermograph NTC PoE | all | affected |
| Wiesemann & Theis | Web-Thermograph Pt100 / Pt1000 | all | affected |
| Wiesemann & Theis | Web-Thermograph Pt100 / Pt1000 PoE | all | affected |
| Wiesemann & Theis | Web-Thermograph Relais | all | affected |
| Wiesemann & Theis | Web-Thermo-Hygrobarograph | all | affected |
| Wiesemann & Theis | Web-Thermo-Hygrograph | all | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.