PT-2021-22844 · Rittal · Rittal Cmc Pu Iii Web Management

Asang17 · Published 2021-09-09 · Updated 2021-09-22 · CVE-2021-40223

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Rittal CMC PU III Web management version V3.11.00 2

Description

The issue arises from the failure to sanitize user input on several configuration parameters, including the User Configuration dialog, Task Configuration dialog, and set logging filter dialog. This allows an attacker to inject HTML and browser-interpreted content, such as JavaScript or other client-side scripts, effectively backdooring the device. The payload is triggered when a user accesses specific sections of the application.

Recommendations

For version V3.11.00 2, consider disabling the configuration dialogs (User Configuration, Task Configuration, and set logging filter) until a patch is available to prevent exploitation. Restrict access to the affected sections of the application to minimize the risk of payload triggering. Avoid using the vulnerable parameters in the configuration dialogs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-40223

Affected Products

Rittal Cmc Pu Iii Web Management