CVE-2022-37952

low-risk
Published 2022-08-25

A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.

Do I need to act?

-
0.26% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10 Medium
NETWORK / HIGH complexity

Affected Products (1)

Workstationst

Affected Vendors

Ge

References (2)

Vendor Advisory https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_Works...
Vendor Advisory https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_Works...
21
/ 100
low-risk
Severity 15/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal