CVE-2022-3073

CVSS V2 None CVSS V3 None
Description
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.
Overview
  • CVE ID
  • CVE-2022-3073
  • Assigner
  • info@cert.vde.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-14T09:15:09
  • Last Modified Date
  • 2022-12-16T17:43:10
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:weidmueller:19_iot_md01_lan_h4_s0011_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:weidmueller:19_iot_md01_lan_h4_s0011:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:weidmueller:fp_iot_md01_4eu_s2_00000_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:weidmueller:fp_iot_md01_4eu_s2_00000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:weidmueller:fp_iot_md01_lan_s2_00000_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:weidmueller:fp_iot_md01_lan_s2_00000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:weidmueller:fp_iot_md01_lan_s2_00011_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:weidmueller:fp_iot_md01_lan_s2_00011:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:weidmueller:fp_iot_md02_4eu_s3_00000_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:weidmueller:fp_iot_md02_4eu_s3_00000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:weidmueller:iot-gw30_firmware:*:*:*:*:*:*:*:* 1 OR 1.16.0
cpe:2.3:h:weidmueller:iot-gw30:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:weidmueller:iot-gw30-4g-eu_firmware:*:*:*:*:*:*:*:* 1 OR 1.16.0
cpe:2.3:h:weidmueller:iot-gw30-4g-eu:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:weidmueller:uc20-wl2000-ac_firmware:*:*:*:*:*:*:*:* 1 OR 1.16.0
cpe:2.3:h:weidmueller:uc20-wl2000-ac:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:weidmueller:uc20-wl2000-iot_firmware:*:*:*:*:*:*:*:* 1 OR 1.16.0
cpe:2.3:h:weidmueller:uc20-wl2000-iot:-:*:*:*:*:*:*:* 0 OR
References
History
Created Old Value New Value Data Type Notes
2022-12-14 09:16:52 Added to TrackCVE
2022-12-14 14:15:29 2022-12-14T09:15:09.163 2022-12-14T09:15:09 CVE Published Date updated
2022-12-14 14:15:29 2022-12-14T14:09:52 CVE Modified Date updated
2022-12-14 14:15:29 Received Awaiting Analysis Vulnerability Status updated
2022-12-18 04:35:28 2022-12-16T17:43:10 CVE Modified Date updated
2022-12-18 04:35:29 Awaiting Analysis Analyzed Vulnerability Status updated
2022-12-18 04:35:41 CPE Information updated