{ "id": "CVE-2022-3073", "sourceIdentifier": "info@cert.vde.com", "published": "2022-12-14T09:15:09.163", "lastModified": "2022-12-16T17:43:10.350", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Quanos \"SCHEMA ST4\" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'." }, { "lang": "es", "value": "Las plantillas web de ejemplo \"SCHEMA ST4\" de Quanos en la versi\u00f3n Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 o inferior son propensas a la inyecci\u00f3n de JavaScript, lo que permite a un atacante remoto secuestrar sesiones existentes para, por ejemplo, otros servicios web en el mismo entorno o ejecutar scripts. en el entorno del navegador de los usuarios. El script afectado es '*-schema.js'." } ], "metrics": { "cvssMetricV31": [ { "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } ] }, "weaknesses": [ { "source": "info@cert.vde.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:weidmueller:19_iot_md01_lan_h4_s0011_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "569CCEC3-FD10-4CE3-8B5C-AA63644AACD9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:weidmueller:19_iot_md01_lan_h4_s0011:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5AB2397-1F99-4AE1-B7C6-26302A655126" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:weidmueller:fp_iot_md01_4eu_s2_00000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B41A83B-82CB-461D-82B8-CF498E009AB0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:weidmueller:fp_iot_md01_4eu_s2_00000:-:*:*:*:*:*:*:*", "matchCriteriaId": "74320E31-A4A1-4225-A824-E631DD4AF03D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:weidmueller:fp_iot_md01_lan_s2_00000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D503892C-05EE-4CA4-AFD0-5351D0FFA34E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:weidmueller:fp_iot_md01_lan_s2_00000:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D83BF8B-3E58-45E1-AF9D-1BBA686FDF71" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:weidmueller:fp_iot_md01_lan_s2_00011_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BE20F9E-D1C2-41DF-B1C4-D3A6980FF116" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:weidmueller:fp_iot_md01_lan_s2_00011:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC9BF29F-A06C-4351-8387-6683DD54C585" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:weidmueller:fp_iot_md02_4eu_s3_00000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A64FCB4-25DD-42D8-A917-DA8CDFCD01E7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:weidmueller:fp_iot_md02_4eu_s3_00000:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1960C0B-03ED-4ADF-90D7-01E011A4A295" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:weidmueller:iot-gw30_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.16.0", "matchCriteriaId": "AC22126E-97A4-402E-B272-5ED394EC49BA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:weidmueller:iot-gw30:-:*:*:*:*:*:*:*", "matchCriteriaId": "B247B94B-4845-4FCC-81E1-4880A7B2B0FE" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:weidmueller:iot-gw30-4g-eu_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.16.0", "matchCriteriaId": "DC118184-9A46-407F-AB65-1E8CB53929D1" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:weidmueller:iot-gw30-4g-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BD44BDA-E67A-4088-AF77-55C0BEC5782B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:weidmueller:uc20-wl2000-ac_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.16.0", "matchCriteriaId": "DCC60AC7-5AFA-4135-803B-1592A83FF57C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:weidmueller:uc20-wl2000-ac:-:*:*:*:*:*:*:*", "matchCriteriaId": "BAD85D18-1A66-487D-80B3-C5E1285685DD" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:weidmueller:uc20-wl2000-iot_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.16.0", "matchCriteriaId": "8805CF5B-BB2C-497D-9033-03F0A580FAE1" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:weidmueller:uc20-wl2000-iot:-:*:*:*:*:*:*:*", "matchCriteriaId": "B98578B6-9F39-4616-A240-0A09832A0A92" } ] } ] } ], "references": [ { "url": "https://cert.vde.com/de/advisories/VDE-2022-056/", "source": "info@cert.vde.com", "tags": [ "Third Party Advisory" ] } ] }