VYPR

Climatix POL909 (AWM module)

by Siemens Foundation

CVEs (6)

  • CVE-2021-41543Mar 8, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could…

  • CVE-2021-41542Mar 8, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to…

  • CVE-2021-41541Mar 8, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to…

  • CVE-2021-40366Nov 9, 2021
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a…

  • CVE-2020-7575Apr 14, 2020
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow…

  • CVE-2020-7574Apr 14, 2020
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the "Server Config" web interface of the affected devices that could…