CVE-2021-41542: CVE-2021-41542

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-41542

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Climatix POL909 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Siemens Climatix Pol909是德国西门子（Siemens）公司的一个智能网络模块。 Climatix POL909的AWB模块11.44之前版本以及 Climatix POL909的AWM模块11.36之前版本存在安全漏洞，该漏洞源于受影响设备的User Management页面容易受到跨站点脚本攻击。该漏洞允许攻击者发送恶意 JavaScript 代码，导致劫持用户的 cookie或session，将用户重定向到恶意网页并执行意外的浏览器操作。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Siemens	Climatix POL909 (AWB module)	All versions < V11.44	-
Siemens	Climatix POL909 (AWM module)	All versions < V11.36	-

II. Public POCs for CVE-2021-41542

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-41542

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: Climatix POL909 (AWB module)

Same vendor: Siemens

Same weakness: CWE-79

V. Comments for CVE-2021-41542

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-41542

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-41542

III. Intelligence Information for CVE-2021-41542

IV. Related Vulnerabilities

V. Comments for CVE-2021-41542

Leave a comment