CVE-2025-3020

Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting

CVSS 5.4 MEDIUMEPSS 0.2%CWE-79

An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Productos afectados

Wiesemann & Theis · ERP-Gateway 12x Digital Input, 6x Digital Relais Wiesemann & Theis · ERP-Gateway 2x Digital Input, 2x Digital Output Wiesemann & Theis · ERP-Gateway 2x Digital PoE Wiesemann & Theis · Web-Alarm 6x6 DigitalWeb-Alarm 6x6 Digital Wiesemann & Theis · Web-Count 6x Digital Wiesemann & Theis · Web-Graph Air Quality Wiesemann & Theis · Web-IO 12x Digital Input, 6x Digital Relais Wiesemann & Theis · Web-IO Analog-In/Out 2x 0/4..20mA PoE Wiesemann & Theis · Web-IO Digital 12xIn, 12xOut Wiesemann & Theis · Web-IO Digital 12xIn, 12xOut, 1xRS232 Wiesemann & Theis · Web-IO Digital 2xIn, 2xOut Wiesemann & Theis · Web-IO Digital Logger 6xIn, 6xOut Wiesemann & Theis · Web-Thermograph 2x Wiesemann & Theis · Web-Thermograph 8x Wiesemann & Theis · Web-Thermograph NTC Wiesemann & Theis · Web-Thermograph NTC PoE Wiesemann & Theis · Web-Thermograph Pt100 / Pt1000 Wiesemann & Theis · Web-Thermograph Pt100 / Pt1000 PoE Wiesemann & Theis · Web-Thermograph Relais Wiesemann & Theis · Web-Thermo-Hygrobarograph Wiesemann & Theis · Web-Thermo-Hygrograph

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cert.vde.com/en/advisories/VDE-2025-032