CVE-2022-45140

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

Published: Feb 27, 2023
Updated: Apr 14, 2023
CVE: CVE-2022-45140
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
wago / 751-9301_firmware	16	22
wago / 751-9301_firmware	22	22.x
wago / 751-9301_firmware	23	23.x
wago / 752-8303/8000-002_firmware	18	22
wago / 752-8303/8000-002_firmware	22	22.x
wago / 752-8303/8000-002_firmware	23	23.x
wago / pfc100_firmware	16	22
wago / pfc100_firmware	22	22.x
wago / pfc100_firmware	23	23.x
wago / pfc200_firmware	16	22
wago / pfc200_firmware	22	22.x
wago / pfc200_firmware	23	23.x
wago / touch_panel_600_advanced_firmware	16	22
wago / touch_panel_600_advanced_firmware	22	22.x
wago / touch_panel_600_advanced_firmware	23	23.x
wago / touch_panel_600_marine_firmware	16	22
wago / touch_panel_600_marine_firmware	22	22.x
wago / touch_panel_600_marine_firmware	23	23.x
wago / touch_panel_600_standard_firmware	16	22
wago / touch_panel_600_standard_firmware	22	22.x
wago / touch_panel_600_standard_firmware	23	23.x

https://cert.vde.com/en/advisories/VDE-2022-060/

Vulnerability Database

289,697

CVE-2022-45140