CVE-2022-45139

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.

Published: Feb 27, 2023
Updated: Apr 14, 2023
CVE: CVE-2022-45139
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-346

Affected Software
References

Software	From	Fixed in
wago / 751-9301_firmware	16	22
wago / 751-9301_firmware	22	22.x
wago / 751-9301_firmware	23	23.x
wago / 752-8303/8000-002_firmware	18	22
wago / 752-8303/8000-002_firmware	22	22.x
wago / 752-8303/8000-002_firmware	23	23.x
wago / pfc100_firmware	16	22
wago / pfc100_firmware	22	22.x
wago / pfc100_firmware	23	23.x
wago / pfc200_firmware	16	22
wago / pfc200_firmware	22	22.x
wago / pfc200_firmware	23	23.x
wago / touch_panel_600_advanced_firmware	16	22
wago / touch_panel_600_advanced_firmware	22	22.x
wago / touch_panel_600_advanced_firmware	23	23.x
wago / touch_panel_600_marine_firmware	16	22
wago / touch_panel_600_marine_firmware	22	22.x
wago / touch_panel_600_marine_firmware	23	23.x
wago / touch_panel_600_standard_firmware	16	22
wago / touch_panel_600_standard_firmware	22	22.x
wago / touch_panel_600_standard_firmware	23	23.x

https://cert.vde.com/en/advisories/VDE-2022-060/

Vulnerability Database

289,697

CVE-2022-45139