Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-45138

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.

Published

2023-02-27T15:15:11.317

Last Modified

2024-11-21T07:28:49.880

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	wago	751-9301_firmware	< 22	Yes
Operating System	wago	751-9301_firmware	22	Yes
Operating System	wago	751-9301_firmware	23	Yes
Hardware	wago	751-9301	-	No
Operating System	wago	752-8303\/8000-002_firmware	< 22	Yes
Operating System	wago	752-8303\/8000-002_firmware	22	Yes
Operating System	wago	752-8303\/8000-002_firmware	23	Yes
Hardware	wago	752-8303\/8000-002	-	No
Operating System	wago	pfc100_firmware	< 22	Yes
Operating System	wago	pfc100_firmware	22	Yes
Operating System	wago	pfc100_firmware	23	Yes
Hardware	wago	pfc100	-	No
Operating System	wago	pfc200_firmware	< 22	Yes
Operating System	wago	pfc200_firmware	22	Yes
Operating System	wago	pfc200_firmware	23	Yes
Hardware	wago	pfc200	-	No
Operating System	wago	touch_panel_600_advanced_firmware	< 22	Yes
Operating System	wago	touch_panel_600_advanced_firmware	22	Yes
Operating System	wago	touch_panel_600_advanced_firmware	23	Yes
Hardware	wago	touch_panel_600_advanced	-	No
Operating System	wago	touch_panel_600_marine_firmware	< 22	Yes
Operating System	wago	touch_panel_600_marine_firmware	22	Yes
Operating System	wago	touch_panel_600_marine_firmware	23	Yes
Hardware	wago	touch_panel_600_marine	-	No
Operating System	wago	touch_panel_600_standard_firmware	< 22	Yes
Operating System	wago	touch_panel_600_standard_firmware	22	Yes
Operating System	wago	touch_panel_600_standard_firmware	23	Yes
Hardware	wago	touch_panel_600_standard	-	No

References

https://cert.vde.com/en/advisories/VDE-2022-060/ Third Party Advisory ([email protected])
https://cert.vde.com/en/advisories/VDE-2022-060/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)