CVE-2021-41542

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Climatix Pol909 (awb Module); Climatix Pol909 (awm Module)
Vendor: CVE Published:; 8 March 2022

Summary

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.

Affected Version(s)

Climatix POL909 (AWB module) All versions < V11.44

Climatix POL909 (AWM module) All versions < V11.36

References

https://cert-portal.siemens.com/productcert/pdf/ssa-25246...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 8, 2022
Vulnerability Reserved
Sep 21, 2021