PT-2025-19900 · Wiesemann&Theis · Erp-Gateway 12X Digital Input+19
Published
2025-05-06
·
Updated
2025-05-06
·
CVE-2025-3020
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
The product name cannot be determined.
Description
A remote attacker with low privileges can execute arbitrary web scripts or HTML through a crafted payload injected into several fields of the configuration webpage, resulting in limited impact.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Erp-Gateway 12X Digital Input
Erp-Gateway 2X Digital Input
Erp-Gateway 2X Digital Poe
Web-Alarm 6X6 Digitalweb-Alarm 6X6 Digital
Web-Count 6X Digital
Web-Graph Air Quality
Web-Io 12X Digital Input
Web-Io Analog-In/Out 2X 0/4..20Ma Poe
Web-Io Digital 12Xin
Web-Io Digital 2Xin
Web-Io Digital Logger 6Xin
Web-Thermo-Hygrobarograph
Web-Thermo-Hygrograph
Web-Thermograph 2X
Web-Thermograph 8X
Web-Thermograph Ntc
Web-Thermograph Ntc Poe
Web-Thermograph Pt100 / Pt1000
Web-Thermograph Pt100 / Pt1000 Poe
Web-Thermograph Relais