Pepperl+Fuchs IO-Link Master Series 1.36 CSRF / XSS / Command Injection

Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities.
Pepperl+Fuchs IO-Link Master Series 1.36 CSRF / XSS / Command Injection