CVE-2022-42974

In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web application for the Solar Panel is vulnerable to a Stored Cross-Site Scripting (XSS) attack on /file.bootloader.upload.html. The application fails to sanitize the parameter filename, in a POST request to /file.bootloader.upload.html for a system update, thus allowing one to inject HTML and/or JavaScript on the page that will then be processed and stored by the application. Any subsequent requests to pages that retrieve the malicious content will automatically exploit the vulnerability on the victim's browser. This also happens because the tag is loaded in the function innerHTML in the page HTML.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://medium.com/%40daviddepaulasantos/how-we-got-a-cve-for-a-dom-based-stored-xss-on-a-solar-panel-917b9d7b2545

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-21 22:15

Updated : 2024-07-03 01:38

NVD link : CVE-2022-42974

Mitre link : CVE-2022-42974

CVE.ORG link : CVE-2022-42974

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-42974", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.3}]}, "published": "2024-06-21T22:15:10.557", "references": [{"url": "https://medium.com/%40daviddepaulasantos/how-we-got-a-cve-for-a-dom-based-stored-xss-on-a-solar-panel-917b9d7b2545", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web application for the Solar Panel is vulnerable to a Stored Cross-Site Scripting (XSS) attack on /file.bootloader.upload.html. The application fails to sanitize the parameter filename, in a POST request to /file.bootloader.upload.html for a system update, thus allowing one to inject HTML and/or JavaScript on the page that will then be processed and stored by the application. Any subsequent requests to pages that retrieve the malicious content will automatically exploit the vulnerability on the victim's browser. This also happens because the tag is loaded in the function innerHTML in the page HTML."}, {"lang": "es", "value": "En Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, la aplicaci\u00f3n web para el panel solar es vulnerable a un ataque de Cross-Site Scripting Almacenado (XSS) en /file.bootloader.upload.html. La aplicaci\u00f3n no puede sanitizar el nombre del archivo del par\u00e1metro, en una solicitud POST a /file.bootloader.upload.html para una actualizaci\u00f3n del sistema, lo que permite inyectar HTML y/o JavaScript en la p\u00e1gina que luego ser\u00e1 procesada y almacenada por la aplicaci\u00f3n. Cualquier solicitud posterior a p\u00e1ginas que recuperen contenido malicioso explotar\u00e1 autom\u00e1ticamente la vulnerabilidad en el navegador de la v\u00edctima. Esto tambi\u00e9n sucede porque la etiqueta se carga en la funci\u00f3n InnerHTML en la p\u00e1gina HTML."}], "lastModified": "2024-07-03T01:38:49.800", "sourceIdentifier": "cve@mitre.org"}