ID
VAR-202302-1898
CVE
CVE-2022-45140
TITLE
Multiple WAGO product Access control error vulnerability
Trust: 0.6
sources:
CNNVD: CNNVD-202302-2111
DESCRIPTION
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise
Trust: 0.99
sources:
NVD: CVE-2022-45140 //
VULMON: CVE-2022-45140
AFFECTED PRODUCTS
| vendor: | wago | model: | touch panel 600 marine | scope: | gte | version: | 16 | Trust: 1.0 |
| vendor: | wago | model: | touch panel 600 marine | scope: | lt | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | 751-9301 | scope: | eq | version: | 23 | Trust: 1.0 |
| vendor: | wago | model: | 752-8303\/8000-002 | scope: | eq | version: | 23 | Trust: 1.0 |
| vendor: | wago | model: | touch panel 600 advanced | scope: | eq | version: | 23 | Trust: 1.0 |
| vendor: | wago | model: | pfc100 | scope: | eq | version: | 23 | Trust: 1.0 |
| vendor: | wago | model: | pfc200 | scope: | eq | version: | 23 | Trust: 1.0 |
| vendor: | wago | model: | touch panel 600 marine | scope: | eq | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | pfc200 | scope: | lt | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | touch panel 600 standard | scope: | eq | version: | 23 | Trust: 1.0 |
| vendor: | wago | model: | touch panel 600 standard | scope: | lt | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | 752-8303\/8000-002 | scope: | gte | version: | 18 | Trust: 1.0 |
| vendor: | wago | model: | 751-9301 | scope: | lt | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | touch panel 600 standard | scope: | gte | version: | 16 | Trust: 1.0 |
| vendor: | wago | model: | 751-9301 | scope: | gte | version: | 16 | Trust: 1.0 |
| vendor: | wago | model: | touch panel 600 marine | scope: | eq | version: | 23 | Trust: 1.0 |
| vendor: | wago | model: | 752-8303\/8000-002 | scope: | lt | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | touch panel 600 advanced | scope: | lt | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | pfc100 | scope: | lt | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | touch panel 600 standard | scope: | eq | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | pfc200 | scope: | gte | version: | 16 | Trust: 1.0 |
| vendor: | wago | model: | touch panel 600 advanced | scope: | gte | version: | 16 | Trust: 1.0 |
| vendor: | wago | model: | 751-9301 | scope: | eq | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | pfc100 | scope: | gte | version: | 16 | Trust: 1.0 |
| vendor: | wago | model: | 752-8303\/8000-002 | scope: | eq | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | touch panel 600 advanced | scope: | eq | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | pfc100 | scope: | eq | version: | 22 | Trust: 1.0 |
| vendor: | wago | model: | pfc200 | scope: | eq | version: | 22 | Trust: 1.0 |
sources:
NVD: CVE-2022-45140
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNNVD: CNNVD-202302-2111 //
NVD: CVE-2022-45140
PROBLEMTYPE DATA
| problemtype: | CWE-306 | Trust: 1.0 |
sources:
NVD: CVE-2022-45140
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202302-2111
TYPE
access control error
Trust: 0.6
sources:
CNNVD: CNNVD-202302-2111
CONFIGURATIONS
sources:
NVD: CVE-2022-45140
PATCH
| title: | Multiple WAGO product Fixes for access control error vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226883 | Trust: 0.6 |
sources:
CNNVD: CNNVD-202302-2111
EXTERNAL IDS
| db: | CERT@VDE | id: | VDE-2022-060 | Trust: 1.7 |
| db: | NVD | id: | CVE-2022-45140 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-202302-2111 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-45140 | Trust: 0.1 |
sources:
VULMON: CVE-2022-45140 //
CNNVD: CNNVD-202302-2111 //
NVD: CVE-2022-45140
REFERENCES
| url: | https://cert.vde.com/en/advisories/vde-2022-060/ | Trust: 1.7 |
| url: | https://cxsecurity.com/cveshow/cve-2022-45140/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/306.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
VULMON: CVE-2022-45140 //
CNNVD: CNNVD-202302-2111 //
NVD: CVE-2022-45140
SOURCES
| db: | VULMON | id: | CVE-2022-45140 |
| db: | CNNVD | id: | CNNVD-202302-2111 |
| db: | NVD | id: | CVE-2022-45140 |
LAST UPDATE DATE
2023-03-10T22:08:35.721000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2022-45140 | date: | 2023-02-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-202302-2111 | date: | 2023-02-28T00:00:00 |
| db: | NVD | id: | CVE-2022-45140 | date: | 2023-03-07T21:49:00 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2022-45140 | date: | 2023-02-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-202302-2111 | date: | 2023-02-27T00:00:00 |
| db: | NVD | id: | CVE-2022-45140 | date: | 2023-02-27T15:15:00 |