CVE-2022-37952 MEDIUM

CVE-2022-37952: WorkstationST - Reflected XSS in iHistorian Data Display Tags

Vendor GE Gas Power
Product WorkstationST
Weakness CWE-79 · XSS
Published August 25, 2022
Last update September 17, 2024

CVSS base score

4.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

A reflected cross-site scripting (XSS) vulnerability in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments, rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.

Key dates

02 Disclosure timeline

August 25, 2022 CVE published
September 17, 2024 Record updated