CVE-2025-3020

MEDIUM

Wiesemann & Theis ERP-Gateway and Web-IO - Stored Cross-Site Scripting in Configuration Webpage

Title source: llm
STIX 2.1

Description

An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.

References (1)

Core 1
Core References

Scores

CVSS v3 5.4
EPSS 0.0023
EPSS Percentile 14.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (22)
Wiesemann & Theis/ERP-Gateway 12x Digital Input, 6x Digital Relais all
Wiesemann & Theis/ERP-Gateway 2x Digital Input, 2x Digital Output all
Wiesemann & Theis/ERP-Gateway 2x Digital PoE all
Wiesemann & Theis/Web-Alarm 6x6 DigitalWeb-Alarm 6x6 Digital all
Wiesemann & Theis/Web-Count 6x Digital < 3.79
Wiesemann & Theis/Web-Graph Air Quality all
Wiesemann & Theis/Web-IO 12x Digital Input, 6x Digital Relais all
Wiesemann & Theis/Web-IO Analog-In/Out 2x 0/4..20mA PoE all
Wiesemann & Theis/Web-IO Digital 12xIn, 12xOut < 4.08
Wiesemann & Theis/Web-IO Digital 12xIn, 12xOut all
... and 12 more
Published May 06, 2025
Tracked Since Feb 18, 2026