CVE-2022-45137

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 40.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago Compact Controller Cc100 (751-9301)Wago Edge Controller (752-8303/8000-002)Wago Pfc100 (750-81xx/xxx-xxx)+11 more

Timeline

PublishedFeb 27

Description

The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages14 packages

▶NVDwago/pfc100_firmware16 — 22+2

▶NVDwago/pfc200_firmware16 — 22+2

▶NVDwago/751-9301_firmware16 — 22+2

▶CVEListV5wago/pfc100_(750-81xx/xxx-xxx)FW16 — FW22+1

▶CVEListV5wago/pfc200_(750-82xx/xxx-xxx)FW16 — FW22+1

🔴Vulnerability Details

GHSA

GHSA-rqh8-4mfx-r6p6: The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser↗2023-02-27

▶

CVEList

WAGO: Reflective Cross-Site Scripting↗2023-02-27

▶