Unauthenticated Remote Attackers Can Exploit XSS Vulnerability in Web Page Generation, Leading to Limited Impact on Confidentiality and Integrity
CVE-2018-25090

5.4MEDIUM

Key Information:

Vendor: Wago
Status: Controller Bacnet/ip; Controller Bacnet Ms/tp; Ethernet Controller 3rd Generation; Fieldbus Coupler Ethernet 3rd Generation
Vendor: CVE Published:; 13 March 2024

What is CVE-2018-25090?

This vulnerability presents an XSS (Cross-Site Scripting) risk, allowing unauthenticated remote attackers to exploit improper input neutralization during web page generation. While user interaction is necessary for the attack to succeed, the security implications include potential unauthorized access to sensitive information and modifications to the integrity of web content. Affected web applications may present a security risk, and developers should ensure input validation mechanisms are implemented to mitigate such vulnerabilities.

Affected Version(s)

Controller BACnet MS/TP 0

Controller BACnet/IP 0

Ethernet Controller 3rd Generation 0

References

https://cert.vde.com/en/advisories/VDE-2023-039/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Sep 14, 2023

Wago

What is CVE-2018-25090?

Affected Version(s)

References

CVSS V3.1

Timeline