Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00094.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
WAGO Compact Controller CC100 (751-9301) affected
Version Status Constraints
FW16 affected < FW22
WAGO Edge Controller (752-8303/8000-002) affected
Version Status Constraints
FW16 affected < FW22
WAGO Series PFC100 (750-81xx/xxx-xxx) affected
Version Status Constraints
FW16 affected < FW22
WAGO Series PFC200 (750-82xx/xxx-xxx) affected
Version Status Constraints
FW16 affected < FW22
WAGO Series Touch Panel 600 Advanced Line (762-5xxx) affected
Version Status Constraints
FW16 FW22 affected
WAGO Series Touch Panel 600 Marine Line (762-6xxx) affected
Version Status Constraints
FW16 FW22 affected
WAGO Series Touch Panel 600 Standard Line (762-4xxx) affected
Version Status Constraints
FW16 FW22 affected

Configuration 1 [-]

AND
cpe:2.3:o:wago:750-8100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:wago:750-8101_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8101:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:wago:750-8102_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8102:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:wago:751-9301_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:751-9301:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:wago:762-4205\/8000-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-4205\/8000-002:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:wago:762-4206\/8000-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-4206\/8000-002:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:wago:762-4305\/8000-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-4305\/8000-002:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:wago:762-4306\/8000-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-4306\/8000-002:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:wago:762-5205\/8000-001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-5205\/8000-001:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:wago:762-5206\/8000-001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-5206\/8000-001:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:wago:762-5305\/8000-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-5305\/8000-002:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:wago:762-5306\/8000-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-5306\/8000-002:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:wago:762-6301\/8000-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-6301\/8000-002:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:wago:762-6302\/8000-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-6302\/8000-002:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:wago:762-6303\/8000-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-6303\/8000-002:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:wago:762-6304\/8000-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:762-6304\/8000-002:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:wago:750-8102\/025-000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8102\/025-000:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:wago:750-8101\/025-000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8102\/025-000:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:wago:750-82_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-82:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:wago:750-8202\/000-012_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8202\/000-012:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:wago:750-8202\/000-022_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8202\/000-022:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:wago:750-8202\/025-001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8202\/025-001:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:wago:750-8202\/025-000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8202\/025-000:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:wago:752-8303\/8000-002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:752-8303\/8000-002:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Wago Subscribe
750-8100 Subscribe
750-8100 Firmware Subscribe
750-8101 Subscribe
750-8101\/025-000 Firmware Subscribe
750-8101 Firmware Subscribe
750-8102 Subscribe
750-8102\/025-000 Subscribe
750-8102\/025-000 Firmware Subscribe
750-8102 Firmware Subscribe
750-82 Subscribe
750-8202 Subscribe
750-8202\/000-012 Subscribe
750-8202\/000-012 Firmware Subscribe
750-8202\/000-022 Subscribe
750-8202\/000-022 Firmware Subscribe
750-8202\/025-000 Subscribe
750-8202\/025-000 Firmware Subscribe
750-8202\/025-001 Subscribe
750-8202\/025-001 Firmware Subscribe
750-8202 Firmware Subscribe
750-82 Firmware Subscribe
751-9301 Subscribe
751-9301 Firmware Subscribe
752-8303\/8000-002 Subscribe
752-8303\/8000-002 Firmware Subscribe
762-4205\/8000-002 Subscribe
762-4205\/8000-002 Firmware Subscribe
762-4206\/8000-002 Subscribe
762-4206\/8000-002 Firmware Subscribe
762-4305\/8000-002 Subscribe
762-4305\/8000-002 Firmware Subscribe
762-4306\/8000-002 Subscribe
762-4306\/8000-002 Firmware Subscribe
762-5205\/8000-001 Subscribe
762-5205\/8000-001 Firmware Subscribe
762-5206\/8000-001 Subscribe
762-5206\/8000-001 Firmware Subscribe
762-5305\/8000-002 Subscribe
762-5305\/8000-002 Firmware Subscribe
762-5306\/8000-002 Subscribe
762-5306\/8000-002 Firmware Subscribe
762-6301\/8000-002 Subscribe
762-6301\/8000-002 Firmware Subscribe
762-6302\/8000-002 Subscribe
762-6302\/8000-002 Firmware Subscribe
762-6303\/8000-002 Subscribe
762-6303\/8000-002 Firmware Subscribe
762-6304\/8000-002 Subscribe
762-6304\/8000-002 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2022-27657 Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
Fixes

Solution

Install FW >=FW22 (FW22 planned for end of Q2/22)

Workaround

No workaround given by the vendor.

References
Link Providers
https://cert.vde.com/en/advisories/VDE-2022-004/ cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2024-09-17T00:16:00.059Z

Reserved: 2022-01-03T00:00:00

Link: CVE-2022-22511

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-03-09T20:15:08.367

Modified: 2024-11-21T06:46:55.623

Link: CVE-2022-22511

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses