WAGO: Reflective Cross-Site Scripting
CVE-2022-45137

6.1MEDIUM

Key Information:

Vendor
Wago
Status
Compact Controller Cc100 (751-9301)
Edge Controller (752-8303/8000-002)
Pfc100 (750-81xx/xxx-xxx)
Pfc200 (750-82xx/xxx-xxx)
Vendor
CVE Published:
27 February 2023

Summary

The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.

Affected Version(s)

Compact Controller CC100 (751-9301) FW16

Compact Controller CC100 (751-9301) FW23

Edge Controller (752-8303/8000-002) FW18

References

https://cert.vde.com/en/advisories/VDE-2022-060/

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ryan Pickren of Georgia Institute of Technologys Cyber-Physical Security Lab
.
CVE-2022-45137 : WAGO: Reflective Cross-Site Scripting | SecurityVulnerability.io