CVE-2022-22511

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 73.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago Compact Controller Cc100 (751-9301)Wago Edge Controller (752-8303/8000-002)Wago Series Pfc100 (750-81xx/xxx-xxx)+29 more

Timeline

PublishedMar 9

Latest updateMar 10

Description

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages32 packages

▶NVDwago/750-82_firmwarefw16 — fw22

▶NVDwago/750-8100_firmwarefw16 — fw22

▶NVDwago/750-8101_firmwarefw16 — fw22

▶NVDwago/750-8102_firmwarefw16 — fw22

▶NVDwago/750-8202_firmwarefw16 — fw22

🔴Vulnerability Details

GHSA

GHSA-9vh8-h9vp-88fv: Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks↗2022-03-10

▶

CVEList

WAGO PLCs WBM vulnerable to reflected XSS↗2022-03-09

▶