← back
CVE-2025-3020

Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting

CVSS 5.4 MEDIUMEPSS 0.2%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
06 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected products
Wiesemann & Theis · ERP-Gateway 12x Digital Input, 6x Digital RelaisWiesemann & Theis · ERP-Gateway 2x Digital Input, 2x Digital OutputWiesemann & Theis · ERP-Gateway 2x Digital PoEWiesemann & Theis · Web-Alarm 6x6 DigitalWeb-Alarm 6x6 DigitalWiesemann & Theis · Web-Count 6x DigitalWiesemann & Theis · Web-Graph Air QualityWiesemann & Theis · Web-IO 12x Digital Input, 6x Digital RelaisWiesemann & Theis · Web-IO Analog-In/Out 2x 0/4..20mA PoEWiesemann & Theis · Web-IO Digital 12xIn, 12xOutWiesemann & Theis · Web-IO Digital 12xIn, 12xOut, 1xRS232Wiesemann & Theis · Web-IO Digital 2xIn, 2xOutWiesemann & Theis · Web-IO Digital Logger 6xIn, 6xOutWiesemann & Theis · Web-Thermograph 2xWiesemann & Theis · Web-Thermograph 8xWiesemann & Theis · Web-Thermograph NTCWiesemann & Theis · Web-Thermograph NTC PoEWiesemann & Theis · Web-Thermograph Pt100 / Pt1000Wiesemann & Theis · Web-Thermograph Pt100 / Pt1000 PoEWiesemann & Theis · Web-Thermograph RelaisWiesemann & Theis · Web-Thermo-HygrobarographWiesemann & Theis · Web-Thermo-Hygrograph

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert.vde.com/en/advisories/VDE-2025-032