CVE-2022-22511 - Vulnerability Details

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00074.

Key SSVC decision points have not yet been added.

Vendors	Products
Wago Subscribe	750-8100 Subscribe 750-8100 Firmware Subscribe 750-8101 Subscribe 750-8101\/025-000 Firmware Subscribe 750-8101 Firmware Subscribe 750-8102 Subscribe 750-8102\/025-000 Subscribe 750-8102\/025-000 Firmware Subscribe 750-8102 Firmware Subscribe 750-82 Subscribe 750-8202 Subscribe 750-8202\/000-012 Subscribe 750-8202\/000-012 Firmware Subscribe 750-8202\/000-022 Subscribe 750-8202\/000-022 Firmware Subscribe 750-8202\/025-000 Subscribe 750-8202\/025-000 Firmware Subscribe 750-8202\/025-001 Subscribe 750-8202\/025-001 Firmware Subscribe 750-8202 Firmware Subscribe 750-82 Firmware Subscribe 751-9301 Subscribe 751-9301 Firmware Subscribe 752-8303\/8000-002 Subscribe 752-8303\/8000-002 Firmware Subscribe 762-4205\/8000-002 Subscribe 762-4205\/8000-002 Firmware Subscribe 762-4206\/8000-002 Subscribe 762-4206\/8000-002 Firmware Subscribe 762-4305\/8000-002 Subscribe 762-4305\/8000-002 Firmware Subscribe 762-4306\/8000-002 Subscribe 762-4306\/8000-002 Firmware Subscribe 762-5205\/8000-001 Subscribe 762-5205\/8000-001 Firmware Subscribe 762-5206\/8000-001 Subscribe 762-5206\/8000-001 Firmware Subscribe 762-5305\/8000-002 Subscribe 762-5305\/8000-002 Firmware Subscribe 762-5306\/8000-002 Subscribe 762-5306\/8000-002 Firmware Subscribe 762-6301\/8000-002 Subscribe 762-6301\/8000-002 Firmware Subscribe 762-6302\/8000-002 Subscribe 762-6302\/8000-002 Firmware Subscribe 762-6303\/8000-002 Subscribe 762-6303\/8000-002 Firmware Subscribe 762-6304\/8000-002 Subscribe 762-6304\/8000-002 Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:wago:750-8100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:wago:750-8101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8101:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:wago:750-8102_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8102:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:wago:751-9301_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:751-9301:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:wago:762-4205\/8000-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:762-4205\/8000-002:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:wago:762-4206\/8000-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:762-4206\/8000-002:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:wago:762-4305\/8000-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:762-4305\/8000-002:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:wago:762-4306\/8000-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:762-4306\/8000-002:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:wago:762-5205\/8000-001_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:762-5205\/8000-001:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:wago:762-5206\/8000-001_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:762-5206\/8000-001:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:wago:762-5305\/8000-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:762-5305\/8000-002:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:wago:762-5306\/8000-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:762-5306\/8000-002:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:wago:762-6301\/8000-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:762-6301\/8000-002:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:wago:762-6302\/8000-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:762-6302\/8000-002:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:wago:762-6303\/8000-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:762-6303\/8000-002:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:wago:762-6304\/8000-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:762-6304\/8000-002:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:wago:750-8102\/025-000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8102\/025-000:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:wago:750-8101\/025-000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8102\/025-000:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:wago:750-82_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-82:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:wago:750-8202\/000-012_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8202\/000-012:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:wago:750-8202\/000-022_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8202\/000-022:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:wago:750-8202\/025-001_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8202\/025-001:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:wago:750-8202\/025-000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8202\/025-000:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:wago:752-8303\/8000-002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:752-8303\/8000-002:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-27657	Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

Fixes

Solution

Install FW >=FW22 (FW22 planned for end of Q2/22)

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2022-004/

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-03-09T19:38:43.516457Z

Updated: 2024-09-17T00:16:00.059Z

Reserved: 2022-01-03T00:00:00

Link: CVE-2022-22511

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-03-09T20:15:08.367

Modified: 2024-11-21T06:46:55.623

Link: CVE-2022-22511

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object