CVE-2022-37952: WorkstationST - Reflected XSS in iHistorian Data Display Tags
First published: Thu Aug 25 2022(Updated: )
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.
Credit: GEPowerCVD@ge.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ge Workstationst | <07.09.15 |
Remedy
Upgrade to Workstation >= 7.09.15 which can be found in ControlST 7.09.07c SP8 and higher.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-37952.
What is the severity of CVE-2022-37952?
The severity of CVE-2022-37952 is medium.
What is the affected software?
The affected software is Ge Workstationst up to version 07.09.15.
What is the impact of CVE-2022-37952?
CVE-2022-37952 could allow an attacker to compromise a victim's browser.
How can I fix CVE-2022-37952?
There is no known fix or patch available for CVE-2022-37952 at the moment. It is recommended to follow the vendor's security advisory for updates.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/title
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/ge
- canonical/ge workstationst