Cross-Site Scripting Vulnerability in WAGO Ethernet Controllers
CVE-2018-16210

6.1MEDIUM

Key Information:

Vendor: Wago
Status: Wago 750-881 Ethernet Controller Devices Firmware
Vendor: CVE Published:; 12 October 2018

Summary

WAGO 750-88X and WAGO 750-89X Ethernet Controller devices are susceptible to a Cross-Site Scripting (XSS) vulnerability in their SNMP configuration settings. This vulnerability occurs through the SNMP_DESC or SNMP_LOC_SNMP_CONT fields of the webserv/cplcfg/snmp.ssi interface. Attackers can exploit this flaw to inject malicious scripts into the web configurations, potentially leading to unauthorized access and data leakage.

References

https://www.exploit-db.com/exploits/45581/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 12, 2018
Vulnerability Reserved
Aug 30, 2018