Lucene search

[email protected]NVD:CVE-2022-3738

HistoryJan 19, 2023 - 12:15 p.m.

CVE-2022-3738

2023-01-1912:15:11

CWE-306

[email protected]

web.nvd.nist.gov

vulnerability

remote attacker

backup file

sensitive information

credentials

cryptographic material

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

Affected configurations

NVD

Node

wagopfc100_firmwareRange16–22

AND

wagopfc100Match-

Node

wagopfc200_firmwareRange16–22

AND

wagopfc200Match-

Node

wagotouch_panel_600_advanced_firmwareRange16–22

AND

wagotouch_panel_600_advancedMatch-

Node

wagotouch_panel_600_standard_firmwareRange16–22

AND

wagotouch_panel_600_standardMatch-

Node

wagotouch_panel_600_marine_firmwareRange16–22

AND

wagotouch_panel_600_marineMatch-

Node

wagocc100_firmwareRange16–22

AND

wagocc100Match-

Node

wagoedge_controller_firmwareRange16–22

AND

wagoedge_controllerMatch-

References

cert.vde.com/en/advisories/VDE-2022-054/

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON

Related for NVD:CVE-2022-3738

prion1 nessus1 cvelist1 cve1