Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web session.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Siemens Climatix POL908和POL909 跨站脚本漏洞
Vulnerability Description
Siemens Climatix是德国西门子(Siemens)公司的一套专为空调、制冷和区域供热OEM研发的标准化和可编程控制解决方案,它提供全面的HVAC组合,可根据特定需求进行扩展。BACnet IP - POL908是其中的一个BACnet IP通信模块。AWM Module - POL909是其中的一个AWM通信模块。 Siemens Climatix POL908(所有版本)和Climatix POL909(所有版本)中的Server Config界面存在跨站脚本漏洞。攻击者可利用该漏洞注入任意
CVSS Information
N/A
Vulnerability Type
N/A