CVE-2022-3073

{"id": "CVE-2022-3073", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-12-14T09:15:09.163", "references": [{"url": "https://cert.vde.com/de/advisories/VDE-2022-056/", "tags": ["Third Party Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Quanos \"SCHEMA ST4\" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'."}], "lastModified": "2022-12-16T17:43:10.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:19_iot_md01_lan_h4_s0011_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "569CCEC3-FD10-4CE3-8B5C-AA63644AACD9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:19_iot_md01_lan_h4_s0011:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F5AB2397-1F99-4AE1-B7C6-26302A655126"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:fp_iot_md01_4eu_s2_00000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B41A83B-82CB-461D-82B8-CF498E009AB0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:fp_iot_md01_4eu_s2_00000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "74320E31-A4A1-4225-A824-E631DD4AF03D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:fp_iot_md01_lan_s2_00000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D503892C-05EE-4CA4-AFD0-5351D0FFA34E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:fp_iot_md01_lan_s2_00000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8D83BF8B-3E58-45E1-AF9D-1BBA686FDF71"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:fp_iot_md01_lan_s2_00011_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BE20F9E-D1C2-41DF-B1C4-D3A6980FF116"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:fp_iot_md01_lan_s2_00011:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BC9BF29F-A06C-4351-8387-6683DD54C585"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:fp_iot_md02_4eu_s3_00000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A64FCB4-25DD-42D8-A917-DA8CDFCD01E7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:fp_iot_md02_4eu_s3_00000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1960C0B-03ED-4ADF-90D7-01E011A4A295"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:iot-gw30_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC22126E-97A4-402E-B272-5ED394EC49BA", "versionEndIncluding": "1.16.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:iot-gw30:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B247B94B-4845-4FCC-81E1-4880A7B2B0FE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:iot-gw30-4g-eu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC118184-9A46-407F-AB65-1E8CB53929D1", "versionEndIncluding": "1.16.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:iot-gw30-4g-eu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4BD44BDA-E67A-4088-AF77-55C0BEC5782B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:uc20-wl2000-ac_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCC60AC7-5AFA-4135-803B-1592A83FF57C", "versionEndIncluding": "1.16.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:uc20-wl2000-ac:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BAD85D18-1A66-487D-80B3-C5E1285685DD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:uc20-wl2000-iot_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8805CF5B-BB2C-497D-9033-03F0A580FAE1", "versionEndIncluding": "1.16.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:uc20-wl2000-iot:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B98578B6-9F39-4616-A240-0A09832A0A92"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "info@cert.vde.com"}