Cross-Site Scripting Vulnerability in Climatix POL909 by Siemens
CVE-2021-41541

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Climatix Pol909 (awb Module); Climatix Pol909 (awm Module)
Vendor: CVE Published:; 8 March 2022

Summary

A cross-site scripting vulnerability exists in the Group Management page of Climatix POL909 devices, specifically in the AWB and AWM modules. This flaw allows attackers to execute malicious JavaScript, potentially leading to session hijacking and redirection to harmful web pages. Affected devices are those running versions prior to V11.44 for the AWB module and V11.36 for the AWM module, making it critical for users to upgrade their systems to the latest versions to mitigate risks.

Affected Version(s)

Climatix POL909 (AWB module) All versions < V11.44

Climatix POL909 (AWM module) All versions < V11.36

References

https://cert-portal.siemens.com/productcert/pdf/ssa-25246...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 8, 2022
Vulnerability Reserved
Sep 21, 2021