CVE-2025-3020
Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
06 mai 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Produtos afetados
Wiesemann & Theis · ERP-Gateway 12x Digital Input, 6x Digital RelaisWiesemann & Theis · ERP-Gateway 2x Digital Input, 2x Digital OutputWiesemann & Theis · ERP-Gateway 2x Digital PoEWiesemann & Theis · Web-Alarm 6x6 DigitalWeb-Alarm 6x6 DigitalWiesemann & Theis · Web-Count 6x DigitalWiesemann & Theis · Web-Graph Air QualityWiesemann & Theis · Web-IO 12x Digital Input, 6x Digital RelaisWiesemann & Theis · Web-IO Analog-In/Out 2x 0/4..20mA PoEWiesemann & Theis · Web-IO Digital 12xIn, 12xOutWiesemann & Theis · Web-IO Digital 12xIn, 12xOut, 1xRS232Wiesemann & Theis · Web-IO Digital 2xIn, 2xOutWiesemann & Theis · Web-IO Digital Logger 6xIn, 6xOutWiesemann & Theis · Web-Thermograph 2xWiesemann & Theis · Web-Thermograph 8xWiesemann & Theis · Web-Thermograph NTCWiesemann & Theis · Web-Thermograph NTC PoEWiesemann & Theis · Web-Thermograph Pt100 / Pt1000Wiesemann & Theis · Web-Thermograph Pt100 / Pt1000 PoEWiesemann & Theis · Web-Thermograph RelaisWiesemann & Theis · Web-Thermo-HygrobarographWiesemann & Theis · Web-Thermo-HygrographQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →