Search criteria
8 vulnerabilities found for Climatix POL909 (AWB module) by Siemens
CVE-2021-41543 (GCVE-0-2021-41543)
Vulnerability from cvelistv5 – Published: 2022-03-08 11:31 – Updated: 2024-08-04 03:15
VLAI?
Summary
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | Climatix POL909 (AWB module) |
Affected:
All versions < V11.44
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Climatix POL909 (AWB module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.44"
}
]
},
{
"product": "Climatix POL909 (AWM module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.36"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T11:31:12",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-41543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Climatix POL909 (AWB module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.44"
}
]
}
},
{
"product_name": "Climatix POL909 (AWM module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.36"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-41543",
"datePublished": "2022-03-08T11:31:12",
"dateReserved": "2021-09-21T00:00:00",
"dateUpdated": "2024-08-04T03:15:28.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41542 (GCVE-0-2021-41542)
Vulnerability from cvelistv5 – Published: 2022-03-08 11:31 – Updated: 2024-08-04 03:15
VLAI?
Summary
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | Climatix POL909 (AWB module) |
Affected:
All versions < V11.44
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Climatix POL909 (AWB module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.44"
}
]
},
{
"product": "Climatix POL909 (AWM module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.36"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user\u0027s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T11:31:11",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-41542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Climatix POL909 (AWB module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.44"
}
]
}
},
{
"product_name": "Climatix POL909 (AWM module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.36"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user\u0027s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-41542",
"datePublished": "2022-03-08T11:31:11",
"dateReserved": "2021-09-21T00:00:00",
"dateUpdated": "2024-08-04T03:15:28.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41541 (GCVE-0-2021-41541)
Vulnerability from cvelistv5 – Published: 2022-03-08 11:31 – Updated: 2024-08-04 03:15
VLAI?
Summary
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | Climatix POL909 (AWB module) |
Affected:
All versions < V11.44
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Climatix POL909 (AWB module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.44"
}
]
},
{
"product": "Climatix POL909 (AWM module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.36"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user\u0027s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T11:31:09",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-41541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Climatix POL909 (AWB module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.44"
}
]
}
},
{
"product_name": "Climatix POL909 (AWM module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.36"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user\u0027s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-41541",
"datePublished": "2022-03-08T11:31:09",
"dateReserved": "2021-09-21T00:00:00",
"dateUpdated": "2024-08-04T03:15:28.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40366 (GCVE-0-2021-40366)
Vulnerability from cvelistv5 – Published: 2021-11-09 11:32 – Updated: 2024-08-04 02:44
VLAI?
Summary
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.
Severity ?
No CVSS data available.
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | Climatix POL909 (AWB module) |
Affected:
All versions < V11.42
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:09.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Climatix POL909 (AWB module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.42"
}
]
},
{
"product": "Climatix POL909 (AWM module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.42), Climatix POL909 (AWM module) (All versions \u003c V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T11:31:09",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-40366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Climatix POL909 (AWB module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.42"
}
]
}
},
{
"product_name": "Climatix POL909 (AWM module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.34"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.42), Climatix POL909 (AWM module) (All versions \u003c V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311: Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-40366",
"datePublished": "2021-11-09T11:32:07",
"dateReserved": "2021-09-01T00:00:00",
"dateUpdated": "2024-08-04T02:44:09.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41543 (GCVE-0-2021-41543)
Vulnerability from nvd – Published: 2022-03-08 11:31 – Updated: 2024-08-04 03:15
VLAI?
Summary
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | Climatix POL909 (AWB module) |
Affected:
All versions < V11.44
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Climatix POL909 (AWB module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.44"
}
]
},
{
"product": "Climatix POL909 (AWM module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.36"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T11:31:12",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-41543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Climatix POL909 (AWB module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.44"
}
]
}
},
{
"product_name": "Climatix POL909 (AWM module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.36"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-41543",
"datePublished": "2022-03-08T11:31:12",
"dateReserved": "2021-09-21T00:00:00",
"dateUpdated": "2024-08-04T03:15:28.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41542 (GCVE-0-2021-41542)
Vulnerability from nvd – Published: 2022-03-08 11:31 – Updated: 2024-08-04 03:15
VLAI?
Summary
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | Climatix POL909 (AWB module) |
Affected:
All versions < V11.44
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Climatix POL909 (AWB module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.44"
}
]
},
{
"product": "Climatix POL909 (AWM module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.36"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user\u0027s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T11:31:11",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-41542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Climatix POL909 (AWB module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.44"
}
]
}
},
{
"product_name": "Climatix POL909 (AWM module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.36"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user\u0027s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-41542",
"datePublished": "2022-03-08T11:31:11",
"dateReserved": "2021-09-21T00:00:00",
"dateUpdated": "2024-08-04T03:15:28.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41541 (GCVE-0-2021-41541)
Vulnerability from nvd – Published: 2022-03-08 11:31 – Updated: 2024-08-04 03:15
VLAI?
Summary
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | Climatix POL909 (AWB module) |
Affected:
All versions < V11.44
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Climatix POL909 (AWB module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.44"
}
]
},
{
"product": "Climatix POL909 (AWM module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.36"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user\u0027s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T11:31:09",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-41541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Climatix POL909 (AWB module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.44"
}
]
}
},
{
"product_name": "Climatix POL909 (AWM module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.36"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.44), Climatix POL909 (AWM module) (All versions \u003c V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user\u0027s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-41541",
"datePublished": "2022-03-08T11:31:09",
"dateReserved": "2021-09-21T00:00:00",
"dateUpdated": "2024-08-04T03:15:28.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40366 (GCVE-0-2021-40366)
Vulnerability from nvd – Published: 2021-11-09 11:32 – Updated: 2024-08-04 02:44
VLAI?
Summary
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.
Severity ?
No CVSS data available.
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | Climatix POL909 (AWB module) |
Affected:
All versions < V11.42
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:09.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Climatix POL909 (AWB module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.42"
}
]
},
{
"product": "Climatix POL909 (AWM module)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V11.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.42), Climatix POL909 (AWM module) (All versions \u003c V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T11:31:09",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-40366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Climatix POL909 (AWB module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.42"
}
]
}
},
{
"product_name": "Climatix POL909 (AWM module)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V11.34"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Climatix POL909 (AWB module) (All versions \u003c V11.42), Climatix POL909 (AWM module) (All versions \u003c V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311: Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-40366",
"datePublished": "2021-11-09T11:32:07",
"dateReserved": "2021-09-01T00:00:00",
"dateUpdated": "2024-08-04T02:44:09.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}