CVE-2022-42786 — MEDIUM (5.4)

Q: How severe is CVE-2022-42786?

CVE-2022-42786 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-42786?

Check the references section above for vendor advisories and patch information. Affected products include: Wut At-Modem-Emulator Firmware, Wut At-Modem-Emulator, Wut Com-Server \+\+ Firmware, Wut Com-Server \+\+, Wut Com-Server 20Ma Firmware.

Vulnerability Description

Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wut	At-Modem-Emulator Firmware	< 1.48
Wut	At-Modem-Emulator	-
Wut	Com-Server \+\+ Firmware	< 1.48
Wut	Com-Server \+\+	-
Wut	Com-Server 20Ma Firmware	< 1.48
Wut	Com-Server 20Ma	-
Wut	Com-Server Highspeed 100Basefx Firmware	< 1.76
Wut	Com-Server Highspeed 100Basefx	-
Wut	Com-Server Highspeed 100Baselx Firmware	< 1.76
Wut	Com-Server Highspeed 100Baselx	-
Wut	Com-Server Highspeed 19\" 1Port Firmware	< 1.76
Wut	Com-Server Highspeed 19\" 1Port	-
Wut	Com-Server Highspeed 19\" 4Port Firmware	< 1.76
Wut	Com-Server Highspeed 19\" 4Port	-
Wut	Com-Server Highspeed Compact Firmware	< 1.76
Wut	Com-Server Highspeed Compact	-
Wut	Com-Server Highspeed Industry Firmware	< 1.76
Wut	Com-Server Highspeed Industry	-
Wut	Com-Server Highspeed Isolated Firmware	< 1.76
Wut	Com-Server Highspeed Isolated	-

Related Weaknesses (CWE)

CWE-79

References

https://cert.vde.com/de/advisories/VDE-2022-043/Third Party Advisory
https://cert.vde.com/de/advisories/VDE-2022-043/Third Party Advisory

FAQ

What is CVE-2022-42786?

CVE-2022-42786 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of th...

How severe is CVE-2022-42786?

CVE-2022-42786 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-42786?

Check the references section above for vendor advisories and patch information. Affected products include: Wut At-Modem-Emulator Firmware, Wut At-Modem-Emulator, Wut Com-Server \+\+ Firmware, Wut Com-Server \+\+, Wut Com-Server 20Ma Firmware.