Vulnerability Details CVE-2022-4286
A reflected cross-site scripting (XSS) vulnerability exists in the System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the user's browser session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.1%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2022-4286
- cpe:2.3:a:br-automation:automation_runtime:3.00
- cpe:2.3:a:br-automation:automation_runtime:3.01
- cpe:2.3:a:br-automation:automation_runtime:3.06
- cpe:2.3:a:br-automation:automation_runtime:3.07
- cpe:2.3:a:br-automation:automation_runtime:3.08
- cpe:2.3:a:br-automation:automation_runtime:3.10
- cpe:2.3:a:br-automation:automation_runtime:4.00
- cpe:2.3:a:br-automation:automation_runtime:4.03
- cpe:2.3:a:br-automation:automation_runtime:4.04
- cpe:2.3:a:br-automation:automation_runtime:4.10
- cpe:2.3:a:br-automation:automation_runtime:4.20
- cpe:2.3:a:br-automation:automation_runtime:4.30
- cpe:2.3:a:br-automation:automation_runtime:4.40
- cpe:2.3:a:br-automation:automation_runtime:4.50
- cpe:2.3:a:br-automation:automation_runtime:4.60
- cpe:2.3:a:br-automation:automation_runtime:4.63
- cpe:2.3:a:br-automation:automation_runtime:4.70
- cpe:2.3:a:br-automation:automation_runtime:4.72
- cpe:2.3:a:br-automation:automation_runtime:a4.73