CVE-2022-3073

Published Dec 14, 2022

Last updated 2 years ago

CVSS medium 6.1

Overview

Description: Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.
Source: info@cert.vde.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

info@cert.vde.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weidmueller:19_iot_md01_lan_h4_s0011_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "569CCEC3-FD10-4CE3-8B5C-AA63644AACD9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weidmueller:19_iot_md01_lan_h4_s0011:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F5AB2397-1F99-4AE1-B7C6-26302A655126"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weidmueller:fp_iot_md01_4eu_s2_00000_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B41A83B-82CB-461D-82B8-CF498E009AB0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weidmueller:fp_iot_md01_4eu_s2_00000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "74320E31-A4A1-4225-A824-E631DD4AF03D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weidmueller:fp_iot_md01_lan_s2_00000_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D503892C-05EE-4CA4-AFD0-5351D0FFA34E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weidmueller:fp_iot_md01_lan_s2_00000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8D83BF8B-3E58-45E1-AF9D-1BBA686FDF71"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weidmueller:fp_iot_md01_lan_s2_00011_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BE20F9E-D1C2-41DF-B1C4-D3A6980FF116"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weidmueller:fp_iot_md01_lan_s2_00011:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BC9BF29F-A06C-4351-8387-6683DD54C585"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weidmueller:fp_iot_md02_4eu_s3_00000_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A64FCB4-25DD-42D8-A917-DA8CDFCD01E7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weidmueller:fp_iot_md02_4eu_s3_00000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C1960C0B-03ED-4ADF-90D7-01E011A4A295"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weidmueller:iot-gw30_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC22126E-97A4-402E-B272-5ED394EC49BA",
            "versionEndIncluding": "1.16.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weidmueller:iot-gw30:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B247B94B-4845-4FCC-81E1-4880A7B2B0FE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weidmueller:iot-gw30-4g-eu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC118184-9A46-407F-AB65-1E8CB53929D1",
            "versionEndIncluding": "1.16.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weidmueller:iot-gw30-4g-eu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4BD44BDA-E67A-4088-AF77-55C0BEC5782B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weidmueller:uc20-wl2000-ac_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCC60AC7-5AFA-4135-803B-1592A83FF57C",
            "versionEndIncluding": "1.16.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weidmueller:uc20-wl2000-ac:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BAD85D18-1A66-487D-80B3-C5E1285685DD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weidmueller:uc20-wl2000-iot_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8805CF5B-BB2C-497D-9033-03F0A580FAE1",
            "versionEndIncluding": "1.16.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weidmueller:uc20-wl2000-iot:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B98578B6-9F39-4616-A240-0A09832A0A92"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References