CVE-2015-3970

Name of the Vulnerable Software and Affected Versions Janitza UMG versions 508, 509, 511, 604, 605

Description The issue exists due to a lack of protection for the web page structure in the web interface of the Janitza UMG devices. This allows a remote attacker to inject arbitrary web or HTML code, potentially leading to cross-site scripting (XSS) attacks.

Recommendations For Janitza UMG versions 508, 509, 511, 604, 605, consider restricting access to the web interface until a patch is available. As a temporary workaround, avoid using the web interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.