Primary

Context

Wiesemann & Theis Products Cross-Site Scripting Vulnerability

Vulnerability

Patched

A cross-site scripting vulnerability has been identified in multiple products by Wiesemann & Theis. This issue allows low-privileged remote attackers to execute arbitrary web scripts or HTML. The vulnerability arises from crafted payloads injected into various fields on the configuration webpage, with the impact being limited.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's browser.

Remediation

All affected products are at end-of-life. For the Web-IO Digital Logger 6xIn, Web-Count 6x Digital, and Web-IO Digital 12xIn/12xOut products, it is recommended to upgrade to the latest firmware versions. No updates will be available for the other affected products.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.7

exploitability

4.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.7

exploitability

4.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Wiesemann & Theis Products Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Wiesemann & Theis ERP-Gateway 12x Digital Input, 6x Digital Relais

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating