cvelist | CERTVDE | CVELIST:CVE-2022-2302
Jul 11, 2022 - 10:40 a.m.

CVE-2022-2302 LENZE: Missing password verification in authorisation procedure

2022-07-11 10:40:33
CWE-304
CERTVDE
www.cve.org
cve-2022-2302, lenze, authorization, remote attacker, full access

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7
Confidence: High

EPSS: 0.004
Percentile: 72.4%

Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password.

CNA Affected

[
  {
    "product": "cabinet c520",
    "vendor": "LENZE",
    "versions": [
      {
        "lessThan": "V01.08.01.3021",
        "status": "affected",
        "version": "V01.07.00.2757",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "cabinet c550",
    "vendor": "LENZE",
    "versions": [
      {
        "lessThan": "V01.08.01.3021",
        "status": "affected",
        "version": "V01.07.00.2757",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "cabinet c750",
    "vendor": "LENZE",
    "versions": [
      {
        "lessThan": "V01.08.01.3021",
        "status": "affected",
        "version": "V01.07.00.2757",
        "versionType": "custom"
      }
    ]
  }
]
