CVE-2022-22511 – WAGO PLCs WBM vulnerable to reflected XSS

https://notcve.org/view.php?id=CVE-2022-22511

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised. Varias páginas de configuración del dispositivo son vulnerables a ataques de tipo XSS (Cross-Site Scripting) reflejados. Un atacante autorizado con privilegios de usuario puede usar esto para conseguir acceso a información confidencial en un PC que sea conectado al WBM después de haber sido comprometido • https://cert.vde.com/en/advisories/VDE-2022-004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •