CVE-2025-3020
Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting
An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected products
Wiesemann & Theis · ERP-Gateway 12x Digital Input, 6x Digital RelaisWiesemann & Theis · ERP-Gateway 2x Digital Input, 2x Digital OutputWiesemann & Theis · ERP-Gateway 2x Digital PoEWiesemann & Theis · Web-Alarm 6x6 DigitalWeb-Alarm 6x6 DigitalWiesemann & Theis · Web-Count 6x DigitalWiesemann & Theis · Web-Graph Air QualityWiesemann & Theis · Web-IO 12x Digital Input, 6x Digital RelaisWiesemann & Theis · Web-IO Analog-In/Out 2x 0/4..20mA PoEWiesemann & Theis · Web-IO Digital 12xIn, 12xOutWiesemann & Theis · Web-IO Digital 12xIn, 12xOut, 1xRS232Wiesemann & Theis · Web-IO Digital 2xIn, 2xOutWiesemann & Theis · Web-IO Digital Logger 6xIn, 6xOutWiesemann & Theis · Web-Thermograph 2xWiesemann & Theis · Web-Thermograph 8xWiesemann & Theis · Web-Thermograph NTCWiesemann & Theis · Web-Thermograph NTC PoEWiesemann & Theis · Web-Thermograph Pt100 / Pt1000Wiesemann & Theis · Web-Thermograph Pt100 / Pt1000 PoEWiesemann & Theis · Web-Thermograph RelaisWiesemann & Theis · Web-Thermo-HygrobarographWiesemann & Theis · Web-Thermo-HygrographWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →