Cross-Site Scripting Vulnerability in Climatix POL909 by Siemens
CVE-2021-41542

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Climatix Pol909 (awb Module); Climatix Pol909 (awm Module)
Vendor: CVE Published:; 8 March 2022

Summary

A cross-site scripting vulnerability has been detected in the user management page of Siemens Climatix POL909 devices. This flaw affects all versions of the AWB module below V11.44 and the AWM module below V11.36, allowing attackers to inject malicious JavaScript code. By exploiting this vulnerability, an attacker could hijack session tokens or cookies, redirect users to harmful sites, or execute unauthorized browser actions. It is crucial for users of the affected products to implement necessary security measures to mitigate potential exploitation.

Affected Version(s)

Climatix POL909 (AWB module) All versions < V11.44

Climatix POL909 (AWM module) All versions < V11.36

References

https://cert-portal.siemens.com/productcert/pdf/ssa-25246...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 8, 2022
Vulnerability Reserved
Sep 21, 2021