CVE-2025-3020
MEDIUMWiesemann & Theis ERP-Gateway and Web-IO - Stored Cross-Site Scripting in Configuration Webpage
Title source: llmDescription
An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.
References (1)
Core 1
Core References
Various Sources
https://cert.vde.com/en/advisories/VDE-2025-032
Scores
CVSS v3
5.4
EPSS
0.0023
EPSS Percentile
14.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (22)
Wiesemann & Theis/ERP-Gateway 12x Digital Input, 6x Digital Relais
all
Wiesemann & Theis/ERP-Gateway 2x Digital Input, 2x Digital Output
all
Wiesemann & Theis/ERP-Gateway 2x Digital PoE
all
Wiesemann & Theis/Web-Alarm 6x6 DigitalWeb-Alarm 6x6 Digital
all
Wiesemann & Theis/Web-Count 6x Digital
< 3.79
Wiesemann & Theis/Web-Graph Air Quality
all
Wiesemann & Theis/Web-IO 12x Digital Input, 6x Digital Relais
all
Wiesemann & Theis/Web-IO Analog-In/Out 2x 0/4..20mA PoE
all
Wiesemann & Theis/Web-IO Digital 12xIn, 12xOut
< 4.08
Wiesemann & Theis/Web-IO Digital 12xIn, 12xOut
all
... and 12 more
Published
May 06, 2025
Tracked Since
Feb 18, 2026