CRITICAL🇵🇱 Wersja polska

CVE-2022-45140

CVSS 9.8v3.1pub. 2023-02-27upd. 2024-11-21

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Wago 751 9301

    HW
    Wago
    wszystkie wersje
  • Wago 751 9301 Firmware

    OS
    Wago
    222316 – 22 (bez)
  • Wago 752 8303\/8000 002

    HW
    Wago
    wszystkie wersje
  • Wago 752 8303\/8000 002 Firmware

    OS
    Wago
    222318 – 22 (bez)
  • Wago Pfc100

    HW
    Wago
    wszystkie wersje
  • Wago Pfc100 Firmware

    OS
    Wago
    222316 – 22 (bez)
  • Wago Pfc200

    HW
    Wago
    wszystkie wersje
  • Wago Pfc200 Firmware

    OS
    Wago
    222316 – 22 (bez)
  • Wago Touch Panel 600 Advanced

    HW
    Wago
    wszystkie wersje
  • Wago Touch Panel 600 Advanced Firmware

    OS
    Wago
    222316 – 22 (bez)
  • Wago Touch Panel 600 Marine

    HW
    Wago
    wszystkie wersje
  • Wago Touch Panel 600 Marine Firmware

    OS
    Wago
    222316 – 22 (bez)
  • Wago Touch Panel 600 Standard

    HW
    Wago
    wszystkie wersje
  • Wago Touch Panel 600 Standard Firmware

    OS
    Wago
    222316 – 22 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-1698CRITICAL9.8ten sam produkt

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users an...

CVE-2022-45138CRITICAL9.8ten sam produkt

The configuration backend of the web-based management can be used by unauthenticated users, although only auth...

CVE-2021-34566CRITICAL9.1ten sam produkt

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted...

CVE-2021-34569CRITICAL9.8ten sam produkt

In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS c...

CVE-2020-12522CRITICAL10.0ten sam produkt

The reported vulnerability allows an attacker who has network access to the device to execute code with specia...