CVE-2022-40190

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-40190
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive information, including user credentials.

9.6 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-02 Third Party Advisory US Government Resource
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:o:sauter-controls:moduweb_firmware:2.7.1:*:*:*:*:*:*:*
Information

Published : 2022-10-31 14:15

Updated : 2022-11-02 07:13

NVD link : CVE-2022-40190

Mitre link : CVE-2022-40190

JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa
Products Affected

sauter-controls

  • moduweb_firmware