First published: Wed Dec 14 2022
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection, allowing a remote attacker to hijack existing sessions (e.g. to other web services in the same environment) or execute scripts in the user's browser environment. The affected script is '*-schema.js'.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Weidmueller 19 Iot Md01 Lan H4 S0011 Firmware | | |
Weidmueller 19 Iot Md01 Lan H4 S0011 | | |
Weidmueller Fp Iot Md01 4eu S2 00000 Firmware | | |
Weidmueller Fp Iot Md01 4eu S2 00000 | | |
Weidmueller Fp Iot Md01 Lan S2 00000 Firmware | | |
Weidmueller Fp Iot Md01 Lan S2 00000 | | |
Weidmueller Fp Iot Md01 Lan S2 00011 Firmware | | |
Weidmueller Fp Iot Md01 Lan S2 00011 | | |
Weidmueller Fp Iot Md02 4eu S3 00000 Firmware | | |
Weidmueller Fp Iot Md02 4eu S3 00000 | | |
Weidmueller Iot-gw30 Firmware | <=1.16.0 | |
Weidmueller Iot-gw30 | | |
Weidmueller Iot-gw30-4g-eu Firmware | <=1.16.0 | |
Weidmueller Iot-gw30-4g-eu | | |
Weidmueller Uc20-wl2000-ac Firmware | <=1.16.0 | |
Weidmueller Uc20-wl2000-ac | | |
Weidmueller Uc20-wl2000-iot Firmware | <=1.16.0 | |
Weidmueller Uc20-wl2000-iot | | |
The vulnerability ID is CVE-2022-3073.
The severity of CVE-2022-3073 is medium.
The affected software of CVE-2022-3073 includes Quanos SCHEMA ST4 example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below.
CVE-2022-3073 allows a remote attacker to hijack existing sessions or execute scripts in the user's browser environment.
To fix CVE-2022-3073, it is recommended to update the Quanos SCHEMA ST4 example web templates to a version above Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1.