CVE-2022-3073 — MEDIUM (6.1)

Q: How severe is CVE-2022-3073?

CVE-2022-3073 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-3073?

Check the references section above for vendor advisories and patch information. Affected products include: Weidmueller 19 Iot Md01 Lan H4 S0011 Firmware, Weidmueller 19 Iot Md01 Lan H4 S0011, Weidmueller Fp Iot Md01 4Eu S2 00000 Firmware, Weidmueller Fp Iot Md01 4Eu S2 00000, Weidmueller Fp Iot Md01 Lan S2 00000 Firmware.

Vulnerability Description

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Weidmueller	19 Iot Md01 Lan H4 S0011 Firmware	-
Weidmueller	19 Iot Md01 Lan H4 S0011	-
Weidmueller	Fp Iot Md01 4Eu S2 00000 Firmware	-
Weidmueller	Fp Iot Md01 4Eu S2 00000	-
Weidmueller	Fp Iot Md01 Lan S2 00000 Firmware	-
Weidmueller	Fp Iot Md01 Lan S2 00000	-
Weidmueller	Fp Iot Md01 Lan S2 00011 Firmware	-
Weidmueller	Fp Iot Md01 Lan S2 00011	-
Weidmueller	Fp Iot Md02 4Eu S3 00000 Firmware	-
Weidmueller	Fp Iot Md02 4Eu S3 00000	-
Weidmueller	Iot-Gw30 Firmware	<= 1.16.0
Weidmueller	Iot-Gw30	-
Weidmueller	Iot-Gw30-4G-Eu Firmware	<= 1.16.0
Weidmueller	Iot-Gw30-4G-Eu	-
Weidmueller	Uc20-Wl2000-Ac Firmware	<= 1.16.0
Weidmueller	Uc20-Wl2000-Ac	-
Weidmueller	Uc20-Wl2000-Iot Firmware	<= 1.16.0
Weidmueller	Uc20-Wl2000-Iot	-

Related Weaknesses (CWE)

CWE-79

References

https://cert.vde.com/de/advisories/VDE-2022-056/Third Party Advisory
https://cert.vde.com/de/advisories/VDE-2022-056/Third Party Advisory

FAQ

What is CVE-2022-3073?

CVE-2022-3073 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to ...

How severe is CVE-2022-3073?

CVE-2022-3073 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-3073?

Check the references section above for vendor advisories and patch information. Affected products include: Weidmueller 19 Iot Md01 Lan H4 S0011 Firmware, Weidmueller 19 Iot Md01 Lan H4 S0011, Weidmueller Fp Iot Md01 4Eu S2 00000 Firmware, Weidmueller Fp Iot Md01 4Eu S2 00000, Weidmueller Fp Iot Md01 Lan S2 00000 Firmware.