ID

VAR-202302-1898


CVE

CVE-2022-45140


TITLE

Multiple WAGO product Access control error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202302-2111

DESCRIPTION

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

Trust: 0.99

sources: NVD: CVE-2022-45140 // VULMON: CVE-2022-45140

AFFECTED PRODUCTS

vendor: wago // model: touch panel 600 marine // scope: gte // version: 16

Trust: 1.0

vendor: wago // model: touch panel 600 marine // scope: lt // version: 22

Trust: 1.0

vendor: wago // model: 751-9301 // scope: eq // version: 23

Trust: 1.0

vendor: wago // model: 752-8303/8000-002 // scope: eq // version: 23

Trust: 1.0

vendor: wago // model: touch panel 600 advanced // scope: eq // version: 23

Trust: 1.0

vendor: wago // model: pfc100 // scope: eq // version: 23

Trust: 1.0

vendor: wago // model: pfc200 // scope: eq // version: 23

Trust: 1.0

vendor: wago // model: touch panel 600 marine // scope: eq // version: 22

Trust: 1.0

vendor: wago // model: pfc200 // scope: lt // version: 22

Trust: 1.0

vendor: wago // model: touch panel 600 standard // scope: eq // version: 23

Trust: 1.0

vendor: wago // model: touch panel 600 standard // scope: lt // version: 22

Trust: 1.0

vendor: wago // model: 752-8303/8000-002 // scope: gte // version: 18

Trust: 1.0

vendor: wago // model: 751-9301 // scope: lt // version: 22

Trust: 1.0

vendor: wago // model: touch panel 600 standard // scope: gte // version: 16

Trust: 1.0

vendor: wago // model: 751-9301 // scope: gte // version: 16

Trust: 1.0

vendor: wago // model: touch panel 600 marine // scope: eq // version: 23

Trust: 1.0

vendor: wago // model: 752-8303/8000-002 // scope: lt // version: 22

Trust: 1.0

vendor: wago // model: touch panel 600 advanced // scope: lt // version: 22

Trust: 1.0

vendor: wago // model: pfc100 // scope: lt // version: 22

Trust: 1.0

vendor: wago // model: touch panel 600 standard // scope: eq // version: 22

Trust: 1.0

vendor: wago // model: pfc200 // scope: gte // version: 16

Trust: 1.0

vendor: wago // model: touch panel 600 advanced // scope: gte // version: 16

Trust: 1.0

vendor: wago // model: 751-9301 // scope: eq // version: 22

Trust: 1.0

vendor: wago // model: pfc100 // scope: gte // version: 16

Trust: 1.0

vendor: wago // model: 752-8303/8000-002 // scope: eq // version: 22

Trust: 1.0

vendor: wago // model: touch panel 600 advanced // scope: eq // version: 22

Trust: 1.0

vendor: wago // model: pfc100 // scope: eq // version: 22

Trust: 1.0

vendor: wago // model: pfc200 // scope: eq // version: 22

Trust: 1.0

sources: NVD: CVE-2022-45140

CVSS

SEVERITY

NVD: CVE-2022-45140
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202302-2111
value: CRITICAL

Trust: 0.6

CVSSV3

NVD: CVE-2022-45140
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202302-2111 // NVD: CVE-2022-45140

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

sources: NVD: CVE-2022-45140

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-2111

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202302-2111

CONFIGURATIONS

sources: NVD: CVE-2022-45140

PATCH

title: Multiple WAGO product Fixes for access control error vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226883

Trust: 0.6

sources: CNNVD: CNNVD-202302-2111

EXTERNAL IDS

db: CERT@VDE // id: VDE-2022-060

Trust: 1.7

db: NVD // id: CVE-2022-45140

Trust: 1.7

db: CNNVD // id: CNNVD-202302-2111

Trust: 0.6

db: VULMON // id: CVE-2022-45140

Trust: 0.1

sources: VULMON: CVE-2022-45140 // CNNVD: CNNVD-202302-2111 // NVD: CVE-2022-45140

REFERENCES

url:https://cert.vde.com/en/advisories/vde-2022-060/

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-45140/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-45140 // CNNVD: CNNVD-202302-2111 // NVD: CVE-2022-45140

SOURCES

db: VULMON // id: CVE-2022-45140
db: CNNVD // id: CNNVD-202302-2111
db: NVD // id: CVE-2022-45140

LAST UPDATE DATE

2023-03-10T22:08:35.721000+00:00


SOURCES UPDATE DATE

db: VULMON // id: CVE-2022-45140 // date: 2023-02-27T00:00:00
db: CNNVD // id: CNNVD-202302-2111 // date: 2023-02-28T00:00:00
db: NVD // id: CVE-2022-45140 // date: 2023-03-07T21:49:00

SOURCES RELEASE DATE

db: VULMON // id: CVE-2022-45140 // date: 2023-02-27T00:00:00
db: CNNVD // id: CNNVD-202302-2111 // date: 2023-02-27T00:00:00
db: NVD // id: CVE-2022-45140 // date: 2023-02-27T15:15:00