Vulnerability Description
The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | 751-9301 Firmware | >= 16, < 22 |
| Wago | 751-9301 | - |
| Wago | 752-8303\/8000-002 Firmware | >= 18, < 22 |
| Wago | 752-8303\/8000-002 | - |
| Wago | Pfc100 Firmware | >= 16, < 22 |
| Wago | Pfc100 | - |
| Wago | Pfc200 Firmware | >= 16, < 22 |
| Wago | Pfc200 | - |
| Wago | Touch Panel 600 Advanced Firmware | >= 16, < 22 |
| Wago | Touch Panel 600 Advanced | - |
| Wago | Touch Panel 600 Marine Firmware | >= 16, < 22 |
| Wago | Touch Panel 600 Marine | - |
| Wago | Touch Panel 600 Standard Firmware | >= 16, < 22 |
| Wago | Touch Panel 600 Standard | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2022-060/MitigationThird Party Advisory
- https://cert.vde.com/en/advisories/VDE-2022-060/MitigationThird Party Advisory
FAQ
What is CVE-2022-45137?
CVE-2022-45137 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality an...
How severe is CVE-2022-45137?
CVE-2022-45137 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-45137?
Check the references section above for vendor advisories and patch information. Affected products include: Wago 751-9301 Firmware, Wago 751-9301, Wago 752-8303\/8000-002 Firmware, Wago 752-8303\/8000-002, Wago Pfc100 Firmware.