CVE-2021-41542

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:siemens:climatix_pol909_firmware:*:*:*:*:advanced_web_module:*:*:*
cpe:2.3:o:siemens:climatix_pol909_firmware:*:*:*:*:advanced_web_and_bacnet_module:*:*:*
cpe:2.3:h:siemens:climatix_pol909:-:*:*:*:*:*:*:*

Information

Published : 2022-03-08 04:15

Updated : 2022-03-11 10:33


NVD link : CVE-2021-41542

Mitre link : CVE-2021-41542


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

siemens

  • climatix_pol909
  • climatix_pol909_firmware