CVE-2022-45138

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.

Published: Feb 27, 2023
Updated: Apr 14, 2023
CVE: CVE-2022-45138
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
wago / 751-9301_firmware	16	22
wago / 751-9301_firmware	22	22.x
wago / 751-9301_firmware	23	23.x
wago / 752-8303/8000-002_firmware	18	22
wago / 752-8303/8000-002_firmware	22	22.x
wago / 752-8303/8000-002_firmware	23	23.x
wago / pfc100_firmware	16	22
wago / pfc100_firmware	22	22.x
wago / pfc100_firmware	23	23.x
wago / pfc200_firmware	16	22
wago / pfc200_firmware	22	22.x
wago / pfc200_firmware	23	23.x
wago / touch_panel_600_advanced_firmware	16	22
wago / touch_panel_600_advanced_firmware	22	22.x
wago / touch_panel_600_advanced_firmware	23	23.x
wago / touch_panel_600_marine_firmware	16	22
wago / touch_panel_600_marine_firmware	22	22.x
wago / touch_panel_600_marine_firmware	23	23.x
wago / touch_panel_600_standard_firmware	16	22
wago / touch_panel_600_standard_firmware	22	22.x
wago / touch_panel_600_standard_firmware	23	23.x

https://cert.vde.com/en/advisories/VDE-2022-060/

Vulnerability Database

289,697

CVE-2022-45138