Lucene search

[email protected]NVD:CVE-2022-45138

HistoryFeb 27, 2023 - 3:15 p.m.

CVE-2022-45138

2023-02-2715:15:11

CWE-306

[email protected]

web.nvd.nist.gov

web-based management

unauthenticated access

device compromise

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

58.1%

JSON

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.

Affected configurations

Nvd

Node

wago751-9301_firmwareRange16–22

wago751-9301_firmwareMatch22-

wago751-9301_firmwareMatch23

AND

wago751-9301Match-

Node

wago752-8303\/8000-002_firmwareRange18–22

wago752-8303\/8000-002_firmwareMatch22-

wago752-8303\/8000-002_firmwareMatch23

AND

wago752-8303\/8000-002Match-

Node

wagopfc100_firmwareRange16–22

wagopfc100_firmwareMatch22-

wagopfc100_firmwareMatch23

AND

wagopfc100Match-

Node

wagopfc200_firmwareRange16–22

wagopfc200_firmwareMatch22-

wagopfc200_firmwareMatch23

AND

wagopfc200Match-

Node

wagotouch_panel_600_advanced_firmwareRange16–22

wagotouch_panel_600_advanced_firmwareMatch22-

wagotouch_panel_600_advanced_firmwareMatch23

AND

wagotouch_panel_600_advancedMatch-

Node

wagotouch_panel_600_marine_firmwareRange16–22

wagotouch_panel_600_marine_firmwareMatch22-

wagotouch_panel_600_marine_firmwareMatch23

AND

wagotouch_panel_600_marineMatch-

Node

wagotouch_panel_600_standard_firmwareRange16–22

wagotouch_panel_600_standard_firmwareMatch22-

wagotouch_panel_600_standard_firmwareMatch23

AND

wagotouch_panel_600_standardMatch-

VendorProductVersionCPE
wago751-9301_firmware*cpe:2.3:o:wago:751-9301_firmware:*:*:*:*:*:*:*:*
wago751-9301_firmware22cpe:2.3:o:wago:751-9301_firmware:22:-:*:*:*:*:*:*
wago751-9301_firmware23cpe:2.3:o:wago:751-9301_firmware:23:*:*:*:*:*:*:*
wago751-9301-cpe:2.3:h:wago:751-9301:-:*:*:*:*:*:*:*
wago752-8303\/8000-002_firmware*cpe:2.3:o:wago:752-8303\/8000-002_firmware:*:*:*:*:*:*:*:*
wago752-8303\/8000-002_firmware22cpe:2.3:o:wago:752-8303\/8000-002_firmware:22:-:*:*:*:*:*:*
wago752-8303\/8000-002_firmware23cpe:2.3:o:wago:752-8303\/8000-002_firmware:23:*:*:*:*:*:*:*
wago752-8303\/8000-002-cpe:2.3:h:wago:752-8303\/8000-002:-:*:*:*:*:*:*:*
wagopfc100_firmware*cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*
wagopfc100_firmware22cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
wago	751-9301_firmware	*	cpe:2.3:o:wago:751-9301_firmware::::::::
wago	751-9301_firmware	22	cpe:2.3:o:wago:751-9301_firmware:22:-::::::
wago	751-9301_firmware	23	cpe:2.3:o:wago:751-9301_firmware:23:::::::*
wago	751-9301	-	cpe:2.3:h:wago:751-9301:-:::::::*
wago	752-8303\/8000-002_firmware	*	cpe:2.3:o:wago:752-8303\/8000-002_firmware::::::::
wago	752-8303\/8000-002_firmware	22	cpe:2.3:o:wago:752-8303\/8000-002_firmware:22:-::::::
wago	752-8303\/8000-002_firmware	23	cpe:2.3:o:wago:752-8303\/8000-002_firmware:23:::::::*
wago	752-8303\/8000-002	-	cpe:2.3:h:wago:752-8303\/8000-002:-:::::::*
wago	pfc100_firmware	*	cpe:2.3:o:wago:pfc100_firmware::::::::
wago	pfc100_firmware	22	cpe:2.3:o:wago:pfc100_firmware:22:-::::::