Lucene search

[email protected]CVE-2022-22511

HistoryMar 09, 2022 - 8:15 p.m.

CVE-2022-22511

2022-03-0920:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-22511

xss

cross-site scripting

configuration pages

vulnerability

confidential information

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

Affected configurations

NVD

Node

wago750-8100_firmwareRangefw16–fw22

AND

wago750-8100Match-

Node

wago750-8101_firmwareRangefw16–fw22

AND

wago750-8101Match-

Node

wago750-8102_firmwareRangefw16–fw22

AND

wago750-8102Match-

Node

wago751-9301_firmwareRangefw16–fw22

AND

wago751-9301Match-

Node

wago750-8202_firmwareRangefw16–fw22

AND

wago750-8202Match-

Node

wago762-4205\/8000-002_firmwareRangefw16–fw22

AND

wago762-4205\/8000-002Match-

Node

wago762-4206\/8000-002_firmwareRangefw16–fw22

AND

wago762-4206\/8000-002Match-

Node

wago762-4305\/8000-002_firmwareRangefw16–fw22

AND

wago762-4305\/8000-002Match-

Node

wago762-4306\/8000-002_firmwareRangefw16–fw22

AND

wago762-4306\/8000-002Match-

Node

wago762-5205\/8000-001_firmwareRangefw16–fw22

AND

wago762-5205\/8000-001Match-

Node

wago762-5206\/8000-001_firmwareRangefw16–fw22

AND

wago762-5206\/8000-001Match-

Node

wago762-5305\/8000-002_firmwareRangefw16–fw22

AND

wago762-5305\/8000-002Match-

Node

wago762-5306\/8000-002_firmwareRangefw16–fw22

AND

wago762-5306\/8000-002Match-

Node

wago762-6301\/8000-002_firmwareRangefw16–fw22

AND

wago762-6301\/8000-002Match-

Node

wago762-6302\/8000-002_firmwareRangefw16–fw22

AND

wago762-6302\/8000-002Match-

Node

wago762-6303\/8000-002_firmwareRangefw16–fw22

AND

wago762-6303\/8000-002Match-

Node

wago762-6304\/8000-002_firmwareRangefw16–fw22

AND

wago762-6304\/8000-002Match-

Node

wago750-8102\/025-000_firmwareRangefw16–fw22

AND

wago750-8102\/025-000Match-

Node

wago750-8101\/025-000_firmwareRangefw16–fw22

AND

wago750-8102\/025-000Match-

Node

wago750-82_firmwareRangefw16–fw22

AND

wago750-82Match-

Node

wago750-8202\/000-012_firmwareRangefw16–fw22

AND

wago750-8202\/000-012Match-

Node

wago750-8202\/000-022_firmwareRangefw16–fw22

AND

wago750-8202\/000-022Match-

Node

wago750-8202\/025-001_firmwareRangefw16–fw22

AND

wago750-8202\/025-001Match-

Node

wago750-8202\/025-000_firmwareRangefw16–fw22

AND

wago750-8202\/025-000Match-

Node

wago752-8303\/8000-002_firmwareRangefw16–fw22

AND

wago752-8303\/8000-002Match-

CPENameOperatorVersion
wago:750-8100_firmwarewago 750-8100 firmwareltfw22

CPE	Name	Operator	Version
wago:750-8100_firmware	wago 750-8100 firmware	lt	fw22

CNA Affected

[
  {
    "product": "Compact Controller CC100 (751-9301)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThan": "FW22",
        "status": "affected",
        "version": "FW16",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Edge Controller (752-8303/8000-002)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThan": "FW22",
        "status": "affected",
        "version": "FW16",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Series PFC100 (750-81xx/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThan": "FW22",
        "status": "affected",
        "version": "FW16",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Series PFC200 (750-82xx/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThan": "FW22",
        "status": "affected",
        "version": "FW16",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Series Touch Panel 600 Advanced Line (762-5xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "status": "affected",
        "version": "FW16 FW22"
      }
    ]
  },
  {
    "product": "Series Touch Panel 600 Marine Line (762-6xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "status": "affected",
        "version": "FW16 FW22"
      }
    ]
  },
  {
    "product": "Series Touch Panel 600 Standard Line (762-4xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "status": "affected",
        "version": "FW16 FW22"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2022-004/

Social References

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVE-2022-22511

nvd2 prion1 cvelist1 nessus1 cve1