CVE-2022-3738
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.2%
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| wago:pfc100_firmware | wago pfc100 firmware | le | 22 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Series WAGO PFC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Series WAGO PFC200",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Series WAGO Touch Panel 600 Advanced Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Series WAGO Touch Panel 600 Marine Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Series WAGO Touch Panel 600 Standard Line",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WAGO Compact Controller CC100",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WAGO Edge Controller",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW22",
"status": "affected",
"version": "FW16",
"versionType": "semver"
}
]
}
]References
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.2%