CRITICAL🇬🇧 English

CVE-2022-45138

CVSS 9.8v3.1pub. 2023-02-27upd. 2024-11-21

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Wago 751 9301

    HW
    Wago
    wszystkie wersje
  • Wago 751 9301 Firmware

    OS
    Wago
    222316 – 22 (bez)
  • Wago 752 8303\/8000 002

    HW
    Wago
    wszystkie wersje
  • Wago 752 8303\/8000 002 Firmware

    OS
    Wago
    222318 – 22 (bez)
  • Wago Pfc100

    HW
    Wago
    wszystkie wersje
  • Wago Pfc100 Firmware

    OS
    Wago
    222316 – 22 (bez)
  • Wago Pfc200

    HW
    Wago
    wszystkie wersje
  • Wago Pfc200 Firmware

    OS
    Wago
    222316 – 22 (bez)
  • Wago Touch Panel 600 Advanced

    HW
    Wago
    wszystkie wersje
  • Wago Touch Panel 600 Advanced Firmware

    OS
    Wago
    222316 – 22 (bez)
  • Wago Touch Panel 600 Marine

    HW
    Wago
    wszystkie wersje
  • Wago Touch Panel 600 Marine Firmware

    OS
    Wago
    222316 – 22 (bez)
  • Wago Touch Panel 600 Standard

    HW
    Wago
    wszystkie wersje
  • Wago Touch Panel 600 Standard Firmware

    OS
    Wago
    222316 – 22 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2023-1698CRITICAL9.8ten sam produkt

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users an...

CVE-2022-45140CRITICAL9.8ten sam produkt

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the s...

CVE-2021-34566CRITICAL9.1ten sam produkt

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted...

CVE-2021-34569CRITICAL9.8ten sam produkt

In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS c...

CVE-2020-12522CRITICAL10.0ten sam produkt

The reported vulnerability allows an attacker who has network access to the device to execute code with specia...