ID

VAR-202302-1898


CVE

CVE-2022-45140


TITLE

Vulnerability related to lack of authentication for critical functions in multiple WAGO products

Trust: 0.8

sources: JVNDB: JVNDB-2022-019558

DESCRIPTION

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. Multiple WAGO products, including 751-9301 firmware, 752-8303/8000-002 firmware, and PFC100 firmware, contain a lack of authentication vulnerability for critical functionality. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2022-45140 // JVNDB: JVNDB-2022-019558 // VULMON: CVE-2022-45140

AFFECTED PRODUCTS

vendor: wago, model: touch panel 600 marine, scope: gte, version: 16

Trust: 1.0

vendor: wago, model: touch panel 600 marine, scope: lt, version: 22

Trust: 1.0

vendor: wago, model: 751-9301, scope: eq, version: 23

Trust: 1.0

vendor: wago, model: 752-8303/8000-002, scope: eq, version: 23

Trust: 1.0

vendor: wago, model: touch panel 600 advanced, scope: eq, version: 23

Trust: 1.0

vendor: wago, model: pfc100, scope: eq, version: 23

Trust: 1.0

vendor: wago, model: pfc200, scope: eq, version: 23

Trust: 1.0

vendor: wago, model: touch panel 600 marine, scope: eq, version: 22

Trust: 1.0

vendor: wago, model: pfc200, scope: lt, version: 22

Trust: 1.0

vendor: wago, model: touch panel 600 standard, scope: eq, version: 23

Trust: 1.0

vendor: wago, model: touch panel 600 standard, scope: lt, version: 22

Trust: 1.0

vendor: wago, model: 752-8303/8000-002, scope: gte, version: 18

Trust: 1.0

vendor: wago, model: 751-9301, scope: lt, version: 22

Trust: 1.0

vendor: wago, model: touch panel 600 standard, scope: gte, version: 16

Trust: 1.0

vendor: wago, model: 751-9301, scope: gte, version: 16

Trust: 1.0

vendor: wago, model: touch panel 600 marine, scope: eq, version: 23

Trust: 1.0

vendor: wago, model: 752-8303/8000-002, scope: lt, version: 22

Trust: 1.0

vendor: wago, model: touch panel 600 advanced, scope: lt, version: 22

Trust: 1.0

vendor: wago, model: pfc100, scope: lt, version: 22

Trust: 1.0

vendor: wago, model: touch panel 600 standard, scope: eq, version: 22

Trust: 1.0

vendor: wago, model: pfc200, scope: gte, version: 16

Trust: 1.0

vendor: wago, model: touch panel 600 advanced, scope: gte, version: 16

Trust: 1.0

vendor: wago, model: 751-9301, scope: eq, version: 22

Trust: 1.0

vendor: wago, model: pfc100, scope: gte, version: 16

Trust: 1.0

vendor: wago, model: 752-8303/8000-002, scope: eq, version: 22

Trust: 1.0

vendor: wago, model: touch panel 600 advanced, scope: eq, version: 22

Trust: 1.0

vendor: wago, model: pfc100, scope: eq, version: 22

Trust: 1.0

vendor: wago, model: pfc200, scope: eq, version: 22

Trust: 1.0

vendor: wago, model: touch panel 600 advanced, scope: -, version: -

Trust: 0.8

vendor: wago, model: pfc200, scope: -, version: -

Trust: 0.8

vendor: wago, model: 751-9301, scope: -, version: -

Trust: 0.8

vendor: wago, model: touch panel 600 marine, scope: -, version: -

Trust: 0.8

vendor: wago, model: pfc100, scope: -, version: -

Trust: 0.8

vendor: wago, model: touch panel 600 standard, scope: -, version: -

Trust: 0.8

vendor: wago, model: 752-8303/8000-002, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-019558 // NVD: CVE-2022-45140

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-45140
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2022-019558
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202302-2111
value: CRITICAL

Trust: 0.6

NVD: CVE-2022-45140
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-019558
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019558 // NVD: CVE-2022-45140 // CNNVD: CNNVD-202302-2111

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:Lack of authentication for critical features (CWE-306) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-019558 // NVD: CVE-2022-45140

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-2111

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202302-2111

CONFIGURATIONS

sources: NVD: CVE-2022-45140

PATCH

title: Multiple WAGO product Fixes for access control error vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226883

Trust: 0.6

sources: CNNVD: CNNVD-202302-2111

EXTERNAL IDS

db: NVD, id: CVE-2022-45140

Trust: 3.3

db: CERT@VDE, id: VDE-2022-060

Trust: 2.5

db: JVNDB, id: JVNDB-2022-019558

Trust: 0.8

db: CNNVD, id: CNNVD-202302-2111

Trust: 0.6

db: VULMON, id: CVE-2022-45140

Trust: 0.1

sources: VULMON: CVE-2022-45140 // JVNDB: JVNDB-2022-019558 // NVD: CVE-2022-45140 // CNNVD: CNNVD-202302-2111

REFERENCES

url:https://cert.vde.com/en/advisories/vde-2022-060/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-45140

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-45140/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-45140 // JVNDB: JVNDB-2022-019558 // NVD: CVE-2022-45140 // CNNVD: CNNVD-202302-2111

SOURCES

db: VULMON, id: CVE-2022-45140
db: JVNDB, id: JVNDB-2022-019558
db: NVD, id: CVE-2022-45140
db: CNNVD, id: CNNVD-202302-2111

LAST UPDATE DATE

2023-10-27T22:34:49.288000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-45140, date: 2023-02-27T00:00:00
db: JVNDB, id: JVNDB-2022-019558, date: 2023-10-26T05:43:00
db: NVD, id: CVE-2022-45140, date: 2023-03-07T21:49:00
db: CNNVD, id: CNNVD-202302-2111, date: 2023-02-28T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-45140, date: 2023-02-27T00:00:00
db: JVNDB, id: JVNDB-2022-019558, date: 2023-10-26T00:00:00
db: NVD, id: CVE-2022-45140, date: 2023-02-27T15:15:00
db: CNNVD, id: CNNVD-202302-2111, date: 2023-02-27T00:00:00