Lucene search
CERTVDECVELIST:CVE-2022-4098HistoryDec 13, 2022 - 7:26 a.m.
CVE-2022-4098 Wiesemann & Theis: Multiple products prone to missing authentication through spoofing
2022-12-1307:26:17
CWE-290
CERTVDE
www.cve.org
4
wiesemann & theis
comserver series
authentication bypass
ip spoofing
http get requests
device takeover
CVSS3
8
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.3
Confidence
High
EPSS
0.001
Percentile
26.0%
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Com-Server ++",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.55",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server 20mA",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.55",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server Highspeed 100BaseFX",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.78",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server Highspeed 100BaseLX",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.78",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server Highspeed 19\" 1Port",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.78",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server Highspeed 19\" 4Port",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.78",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server Highspeed Compact",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.78",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server Highspeed Industry",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.78",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server Highspeed Isolated",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.78",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server Highspeed OEM",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.78",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server Highspeed Office 1 Port",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.78",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server Highspeed Office 4 Port",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.78",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server Highspeed PoE",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.78",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server LC",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.55",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server PoE 3 x Isolated",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.55",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Com-Server UL",
"vendor": "Wiesemann & Theis",
"versions": [
{
"lessThan": "1.55",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]References
Related
prion
prion
Authentication flaw
2022-12-13 08:15:00
nvd
nvd
CVE-2022-4098
2022-12-13 08:15:10
cve
cve
CVE-2022-4098
2022-12-13 08:15:10
CVSS3
8
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.3
Confidence
High
EPSS
0.001
Percentile
26.0%
Related for CVELIST:CVE-2022-4098