CVE-2023-45795 - Vulnerability Details - OpenCVE

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Pilz	Pasvisu Pmi V8xx

No data.

No data.

References

Link	Providers
https://certvde.com/en/advisories/VDE-2023-050/

History

Mon, 22 Jun 2026 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 22 Jun 2026 10:00:00 +0000

Type	Values Removed	Values Added
Description		A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device.
Title		Pilz: XSS vulnerability in Pilz PASvisu and PMI v8xx
First Time appeared		Pilz Pilz pasvisu Pilz pmi V8xx
Weaknesses		CWE-79
CPEs		cpe:2.3:a:pilz:pasvisu:::::::: cpe:2.3:a:pilz:pmi_v8xx::::::::
Vendors & Products		Pilz Pilz pasvisu Pilz pmi V8xx
References		https://certvde.com/en/advisories/VDE-2023-050/
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-06-22T09:06:52.570Z

Updated: 2026-06-22T13:25:46.649Z

Reserved: 2023-10-13T06:40:49.611Z

Link: CVE-2023-45795

Vulnrichment

Updated: 2026-06-22T13:25:39.613Z

NVD

No data.

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-45795", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-10-13T06:40:49.611Z", "datePublished": "2026-06-22T09:06:52.570Z", "dateUpdated": "2026-06-22T13:25:46.649Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PMI v8xx", "vendor": "Pilz", "versions": [{"lessThanOrEqual": "2.0.33992", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PASvisu", "vendor": "Pilz", "versions": [{"lessThan": "1.14.1", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pilz:pmi_v8xx:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.0.33992", "versionStartIncluding": "0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:pilz:pasvisu:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.14.1", "versionStartIncluding": "0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "datePublic": "2025-06-03T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device.</span><br>"}], "value": "A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-06-22T09:06:52.570Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://certvde.com/en/advisories/VDE-2023-050/"}], "source": {"advisory": "VDE-2023-050", "defect": ["CERT@VDE#64601"], "discovery": "UNKNOWN"}, "title": "Pilz: XSS vulnerability in Pilz PASvisu and PMI v8xx", "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-22T13:25:28.450217Z", "id": "CVE-2023-45795", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T13:25:46.649Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45795", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-22T13:25:28.450217Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T13:25:39.613Z"}}], "cna": {"title": "Pilz: XSS vulnerability in Pilz PASvisu and PMI v8xx", "source": {"defect": ["CERT@VDE#64601"], "advisory": "VDE-2023-050", "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Pilz", "product": "PMI v8xx", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "2.0.33992"}], "defaultStatus": "unaffected"}, {"vendor": "Pilz", "product": "PASvisu", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.14.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2025-06-03T06:00:00.000Z", "references": [{"url": "https://certvde.com/en/advisories/VDE-2023-050/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pilz:pmi_v8xx:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "2.0.33992", "versionStartIncluding": "0.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pilz:pasvisu:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.14.1", "versionStartIncluding": "0.0.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-06-22T09:06:52.570Z"}}}, "cveMetadata": {"cveId": "CVE-2023-45795", "state": "PUBLISHED", "dateUpdated": "2026-06-22T13:25:46.649Z", "dateReserved": "2023-10-13T06:40:49.611Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2026-06-22T09:06:52.570Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.2"}