CVE-2022-40912: n/a in n/a
ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.
AI Analysis
Technical Summary
CVE-2022-40912 is a Cross Site Scripting (XSS) vulnerability identified in ETAP Lighting International NV's ETAP Safety Manager version 1.0.0.32. The vulnerability arises because the application fails to properly sanitize user input passed to the GET parameter 'action'. This improper input validation allows an attacker to inject arbitrary HTML or JavaScript code, which is then executed in the context of the victim user's browser session when they visit a crafted URL. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation. The CVSS v3.1 base score is 6.1 (medium severity), indicating that the vulnerability is remotely exploitable over the network without requiring privileges but does require user interaction (clicking a malicious link). The impact primarily affects confidentiality and integrity by enabling attackers to steal session cookies, perform actions on behalf of the user, or manipulate displayed content. There is no indication of availability impact. No known exploits are reported in the wild, and no patches or vendor advisories are currently linked. The vulnerability affects a specific version of ETAP Safety Manager, a software product used for safety management in lighting systems, likely deployed in industrial or commercial environments.
Potential Impact
For European organizations, the impact of this XSS vulnerability depends on the extent of ETAP Safety Manager deployment within their operational technology or safety management infrastructure. Successful exploitation could lead to session hijacking, unauthorized actions performed under the victim's credentials, or the injection of misleading information into the user interface. This can compromise the integrity of safety management processes and potentially lead to operational disruptions or safety risks if critical safety data is manipulated. Confidentiality of user sessions and potentially sensitive operational data could be exposed. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be used to lure employees into clicking malicious links. European organizations in sectors such as manufacturing, utilities, or building management that rely on ETAP Safety Manager for safety compliance and monitoring are at higher risk. The lack of a patch increases the urgency for mitigation to prevent targeted attacks that could exploit this vulnerability to gain footholds or escalate privileges within safety-critical environments.
Mitigation Recommendations
Given the absence of an official patch, European organizations should implement immediate compensating controls. These include:
1) Employing web application firewalls (WAFs) with custom rules to detect and block malicious payloads targeting the 'action' GET parameter.
2) Conducting user awareness training focused on recognizing phishing attempts and suspicious URLs to reduce the risk of user interaction exploitation.
3) Restricting access to the ETAP Safety Manager interface to trusted internal networks or via VPN with strong authentication to limit exposure.
4) Implementing Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context.
5) Monitoring web server logs and application logs for unusual or suspicious requests targeting the vulnerable parameter.
6) Planning for an upgrade or patch deployment as soon as vendor fixes become available.
Additionally, organizations should review and harden session management practices to reduce the impact of potential session hijacking.
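For the log-monitoring recommendation, an added example (not part of the original advisory or any vendor code): it scans web access-log lines for 'action' values that still contain HTML metacharacters after repeated percent-decoding, which also catches double-encoded input. The log format, the `/placeholder/index` path and the sample lines are constructed assumptions, since the advisory does not give the application's URL layout.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Request line inside a common/combined access-log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of HTML text or attributes.
HTML_META = re.compile(r"[<>\"'`]")
MAX_DECODE_ROUNDS = 3  # catch double/triple percent-encoding

def fully_decode(value: str) -> str:
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_action_values(log_line: str) -> list[str]:
    """Return decoded 'action' values in the line that contain HTML metacharacters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group("target")).query
    hits = []
    # parse_qsl already decodes once; fully_decode handles further encoding layers.
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = fully_decode(value)
        if name.lower() == "action" and HTML_META.search(decoded):
            hits.append(decoded)
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /placeholder/index?action=overview HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /placeholder/index?action=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 640',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /placeholder/index?action=%253Ci%253Ex%253C%252Fi%253E HTTP/1.1" 200 601',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /placeholder/index?id=4&other=%3Cb%3E HTTP/1.1" 200 512',
]

def scan(lines):
    """Map line index -> flagged values, for lines with at least one hit."""
    return {i: v for i, line in enumerate(lines) if (v := suspicious_action_values(line))}

if __name__ == "__main__":
    for idx, values in scan(SAMPLE_LOG).items():
        print(f"line {idx}: suspicious action value(s): {values}")
```

The same decode-then-match logic can back a WAF rule for the 'action' parameter; where the set of legitimate values is known, an allow-list is stricter than matching metacharacters.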
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-09-19T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682ce77b4d7c5ea9f4b397c1
Added to database: 5/20/2025, 8:35:07 PM
Last enriched: 7/6/2025, 6:26:20 AM
Last updated: 7/31/2025, 4:06:43 AM