Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.
References
Link | Resource |
---|---|
https://cert.vde.com/de/advisories/VDE-2022-056/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
16 Dec 2022, 17:43
Type | Values Removed | Values Added |
---|---|---|
First Time |
Weidmueller fp Iot Md01 Lan S2 00000
Weidmueller uc20-wl2000-ac Firmware Weidmueller fp Iot Md01 4eu S2 00000 Firmware Weidmueller iot-gw30 Firmware Weidmueller fp Iot Md01 Lan S2 00011 Firmware Weidmueller fp Iot Md02 4eu S3 00000 Weidmueller iot-gw30 Weidmueller fp Iot Md02 4eu S3 00000 Firmware Weidmueller iot-gw30-4g-eu Firmware Weidmueller fp Iot Md01 Lan S2 00000 Firmware Weidmueller iot-gw30-4g-eu Weidmueller 19 Iot Md01 Lan H4 S0011 Weidmueller fp Iot Md01 4eu S2 00000 Weidmueller Weidmueller fp Iot Md01 Lan S2 00011 Weidmueller 19 Iot Md01 Lan H4 S0011 Firmware Weidmueller uc20-wl2000-iot Firmware Weidmueller uc20-wl2000-ac Weidmueller uc20-wl2000-iot |
|
CPE | cpe:2.3:h:weidmueller:fp_iot_md01_4eu_s2_00000:-:*:*:*:*:*:*:* cpe:2.3:h:weidmueller:iot-gw30:-:*:*:*:*:*:*:* cpe:2.3:h:weidmueller:iot-gw30-4g-eu:-:*:*:*:*:*:*:* cpe:2.3:o:weidmueller:fp_iot_md01_lan_s2_00011_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:weidmueller:uc20-wl2000-iot_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weidmueller:19_iot_md01_lan_h4_s0011:-:*:*:*:*:*:*:* cpe:2.3:o:weidmueller:iot-gw30-4g-eu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weidmueller:19_iot_md01_lan_h4_s0011_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:weidmueller:fp_iot_md01_4eu_s2_00000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:weidmueller:uc20-wl2000-ac_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weidmueller:fp_iot_md01_lan_s2_00011:-:*:*:*:*:*:*:* cpe:2.3:o:weidmueller:fp_iot_md02_4eu_s3_00000_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:weidmueller:fp_iot_md01_lan_s2_00000:-:*:*:*:*:*:*:* cpe:2.3:h:weidmueller:uc20-wl2000-ac:-:*:*:*:*:*:*:* cpe:2.3:h:weidmueller:fp_iot_md02_4eu_s3_00000:-:*:*:*:*:*:*:* cpe:2.3:h:weidmueller:uc20-wl2000-iot:-:*:*:*:*:*:*:* cpe:2.3:o:weidmueller:iot-gw30_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weidmueller:fp_iot_md01_lan_s2_00000_firmware:-:*:*:*:*:*:*:* |
|
References | (MISC) https://cert.vde.com/de/advisories/VDE-2022-056/ - Third Party Advisory |
14 Dec 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-14 09:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-3073
Mitre link : CVE-2022-3073
CVE.ORG link : CVE-2022-3073
JSON object : View
Products Affected
weidmueller
- fp_iot_md01_lan_s2_00011
- fp_iot_md02_4eu_s3_00000_firmware
- uc20-wl2000-ac_firmware
- fp_iot_md01_lan_s2_00000_firmware
- iot-gw30
- iot-gw30-4g-eu_firmware
- iot-gw30-4g-eu
- uc20-wl2000-iot_firmware
- 19_iot_md01_lan_h4_s0011
- fp_iot_md01_4eu_s2_00000_firmware
- fp_iot_md01_lan_s2_00011_firmware
- fp_iot_md01_4eu_s2_00000
- iot-gw30_firmware
- uc20-wl2000-iot
- fp_iot_md02_4eu_s3_00000
- fp_iot_md01_lan_s2_00000
- 19_iot_md01_lan_h4_s0011_firmware
- uc20-wl2000-ac
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')