CVE-2022-45138

EPSS 0.21%
Published 27.02.2023 15:15:11
Last modified 21.11.2024 07:28:49
Source info@cert.vde.com
Teams watchlist Login
Open Login

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Wago ≫ 751-9301 Firmware Version >= 16 < 22

Wago ≫ 751-9301 Version-

Wago ≫ 751-9301 Firmware Version22 Update-

Wago ≫ 751-9301 Version-

Wago ≫ 751-9301 Firmware Version23

Wago ≫ 751-9301 Version-

Wago ≫ 752-8303/8000-002 Firmware Version >= 18 < 22

Wago ≫ 752-8303/8000-002 Version-

Wago ≫ 752-8303/8000-002 Firmware Version22 Update-

Wago ≫ 752-8303/8000-002 Version-

Wago ≫ 752-8303/8000-002 Firmware Version23

Wago ≫ 752-8303/8000-002 Version-

Wago ≫ Pfc100 Firmware Version >= 16 < 22

Wago ≫ Pfc100 Version-

Wago ≫ Pfc100 Firmware Version22 Update-

Wago ≫ Pfc100 Version-

Wago ≫ Pfc100 Firmware Version23

Wago ≫ Pfc100 Version-

Wago ≫ Pfc200 Firmware Version >= 16 < 22

Wago ≫ Pfc200 Version-

Wago ≫ Pfc200 Firmware Version22 Update-

Wago ≫ Pfc200 Version-

Wago ≫ Pfc200 Firmware Version23

Wago ≫ Pfc200 Version-

Wago ≫ Touch Panel 600 Advanced Firmware Version >= 16 < 22

Wago ≫ Touch Panel 600 Advanced Version-

Wago ≫ Touch Panel 600 Advanced Firmware Version22 Update-

Wago ≫ Touch Panel 600 Advanced Version-

Wago ≫ Touch Panel 600 Advanced Firmware Version23

Wago ≫ Touch Panel 600 Advanced Version-

Wago ≫ Touch Panel 600 Marine Firmware Version >= 16 < 22

Wago ≫ Touch Panel 600 Marine Version-

Wago ≫ Touch Panel 600 Marine Firmware Version22 Update-

Wago ≫ Touch Panel 600 Marine Version-

Wago ≫ Touch Panel 600 Marine Firmware Version23

Wago ≫ Touch Panel 600 Marine Version-

Wago ≫ Touch Panel 600 Standard Firmware Version >= 16 < 22

Wago ≫ Touch Panel 600 Standard Version-

Wago ≫ Touch Panel 600 Standard Firmware Version22 Update-

Wago ≫ Touch Panel 600 Standard Version-

Wago ≫ Touch Panel 600 Standard Firmware Version23

Wago ≫ Touch Panel 600 Standard Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.41

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
info@cert.vde.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://cert.vde.com/en/advisories/VDE-2022-060/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-45138

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45138

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45138

EUVD