CVE-2022-4286 MEDIUM

CVE-2022-4286: Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime

Vendor B&R Industrial Automation

Product B&R Automation Runtime

Weakness CWE-79 · XSS

Published February 14, 2023

Last update March 20, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session.

Key dates

02Disclosure timeline

February 14, 2023 CVE published

March 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-4286 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2015-10078 atwellpub Resend Welcome Email Plugin resend-welcome-email.php send_welcome_email_url cross site scripting CVE-2025-23681 WordPress REDIRECTION PLUS plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-3563 Genesis Blocks <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes CVE-2018-25065 Wikimedia mediawiki-extensions-I18nTags Unlike Parser I18nTags_body.php cross site scripting CVE-2024-51611 WordPress WP Feature Box plugin <= 0.1.3 - Stored Cross Site Scripting (XSS) vulnerability

Identifiers

CVE CVE-2022-4286

CWE CWE-79

CVSS 6.1 / MEDIUM

Affected versions

Vendor B&R Industrial Automation

Product B&R Automation Runtime

Affected ≥ >=3.00 and ≤ C4.93