CVE-2022-22511 — MEDIUM (5.4)

Q: How severe is CVE-2022-22511?

CVE-2022-22511 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-22511?

Check the references section above for vendor advisories and patch information. Affected products include: Wago 750-8100 Firmware, Wago 750-8100, Wago 750-8101 Firmware, Wago 750-8101, Wago 750-8102 Firmware.

Vulnerability Description

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wago	750-8100 Firmware	>= fw16, < fw22
Wago	750-8100	-
Wago	750-8101 Firmware	>= fw16, < fw22
Wago	750-8101	-
Wago	750-8102 Firmware	>= fw16, < fw22
Wago	750-8102	-
Wago	751-9301 Firmware	>= fw16, < fw22
Wago	751-9301	-
Wago	750-8202 Firmware	>= fw16, < fw22
Wago	750-8202	-
Wago	762-4205\/8000-002 Firmware	>= fw16, < fw22
Wago	762-4205\/8000-002	-
Wago	762-4206\/8000-002 Firmware	>= fw16, < fw22
Wago	762-4206\/8000-002	-
Wago	762-4305\/8000-002 Firmware	>= fw16, < fw22
Wago	762-4305\/8000-002	-
Wago	762-4306\/8000-002 Firmware	>= fw16, < fw22
Wago	762-4306\/8000-002	-
Wago	762-5205\/8000-001 Firmware	>= fw16, < fw22
Wago	762-5205\/8000-001	-

Related Weaknesses (CWE)

CWE-79

References

https://cert.vde.com/en/advisories/VDE-2022-004/MitigationThird Party Advisory
https://cert.vde.com/en/advisories/VDE-2022-004/MitigationThird Party Advisory

FAQ

What is CVE-2022-22511?

CVE-2022-22511 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential inform...

How severe is CVE-2022-22511?

CVE-2022-22511 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-22511?

Check the references section above for vendor advisories and patch information. Affected products include: Wago 750-8100 Firmware, Wago 750-8100, Wago 750-8101 Firmware, Wago 750-8101, Wago 750-8102 Firmware.