VAR-202210-1908
Vulnerability from variot - Updated: 2023-12-18 12:48

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflected cross-site scripting (XSS). The web application does not adequately sanitize malicious JavaScript in request strings. An attacker exploiting this XSS flaw could execute malicious code in users’ browsers and steal sensitive information, including user credentials.

moduWeb, provided by SAUTER, is the central monitoring device of the company's building automation system (B-OWS: BACnet Operator Workstation). moduWeb contains the following vulnerability:
* Reflected cross-site scripting (CWE-79) - CVE-2022-40190

Successful exploitation of this vulnerability by a remote third party could have the following effect:
* An arbitrary script is executed in the web browser of a user who accesses the product's monitoring screen, and sensitive information, including user authentication information, is stolen.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1908",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "moduweb",
"scope": "eq",
"trust": 1.0,
"vendor": "sauter controls",
"version": "2.7.1"
},
{
"model": "moduweb",
"scope": "eq",
"trust": 0.8,
"vendor": "fr sauter",
"version": "moduweb firmware 2.7.1"
},
{
"model": "moduweb",
"scope": "eq",
"trust": 0.8,
"vendor": "fr sauter",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002631"
},
{
"db": "NVD",
"id": "CVE-2022-40190"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sauter-controls:moduweb_firmware:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40190"
}
]
},
"cve": "CVE-2022-40190",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-002631",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40190",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-40190",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002631",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-2419",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002631"
},
{
"db": "NVD",
"id": "CVE-2022-40190"
},
{
"db": "NVD",
"id": "CVE-2022-40190"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2419"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users\u2019 browsers and steal sensitive information, including user credentials. SAUTER Provided by the company moduWeb is the central monitoring device of the company\u0027s building automation system ( B-OWS : BACnet Operator Workstation )is. moduWeb contains the following vulnerabilities: * Reflected cross-site scripting (CWE-79) - CVE-2022-40190Successful exploitation of this vulnerability could result in the following effects from a remote third party: * An arbitrary script is executed on the web browser of the user who accessed the monitoring screen of the product, and sensitive information including user authentication information is stolen",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40190"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002631"
},
{
"db": "VULHUB",
"id": "VHN-435995"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-22-300-02",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2022-40190",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU90122134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002631",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.5425",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2419",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-435995",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435995"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002631"
},
{
"db": "NVD",
"id": "CVE-2022-40190"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2419"
}
]
},
"id": "VAR-202210-1908",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-435995"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:48:25.182000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Welcome\u00a0to\u00a0SAUTER",
"trust": 0.8,
"url": "https://www.sauter-controls.com/en/"
},
{
"title": "SAUTER Controls moduWeb Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=212872"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002631"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2419"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435995"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002631"
},
{
"db": "NVD",
"id": "CVE-2022-40190"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90122134"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5425"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40190/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435995"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002631"
},
{
"db": "NVD",
"id": "CVE-2022-40190"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2419"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-435995"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002631"
},
{
"db": "NVD",
"id": "CVE-2022-40190"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-2419"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-435995"
},
{
"date": "2022-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002631"
},
{
"date": "2022-10-31T21:15:12.660000",
"db": "NVD",
"id": "CVE-2022-40190"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2419"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-435995"
},
{
"date": "2022-10-31T06:47:00",
"db": "JVNDB",
"id": "JVNDB-2022-002631"
},
{
"date": "2022-11-02T14:13:10.390000",
"db": "NVD",
"id": "CVE-2022-40190"
},
{
"date": "2022-11-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-2419"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2419"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAUTER\u00a0 Made \u00a0moduWeb\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002631"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-2419"
}
],
"trust": 0.6
}
}