Weidmueller: >> Uc20-Wl2000-Iot Security Vulnerabilities
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-12-14
In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped.
CVSS Score
9.4
EPSS Score
0.004
Published
2021-05-13