Sign-up

ID

VAR-202302-1899


CVE

CVE-2022-45138


TITLE

plural  WAGO  Vulnerability related to lack of authentication for critical functions in the product

Trust: 0.8

sources: JVNDB: JVNDB-2022-019560

DESCRIPTION

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device. 751-9301 firmware, 752-8303/8000-002 firmware, PFC100 firmware etc. WAGO The product contains a lack of authentication vulnerability for critical functionality.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-45138 // JVNDB: JVNDB-2022-019560 // VULMON: CVE-2022-45138

AFFECTED PRODUCTS

vendor:wagomodel:pfc200scope:ltversion:22

Trust: 1.0

vendor:wagomodel:pfc200scope:gteversion:16

Trust: 1.0

vendor:wagomodel:752-8303\/8000-002scope:eqversion:23

Trust: 1.0

vendor:wagomodel:pfc100scope:eqversion:23

Trust: 1.0

vendor:wagomodel:touch panel 600 advancedscope:eqversion:23

Trust: 1.0

vendor:wagomodel:touch panel 600 standardscope:gteversion:16

Trust: 1.0

vendor:wagomodel:touch panel 600 standardscope:ltversion:22

Trust: 1.0

vendor:wagomodel:751-9301scope:eqversion:22

Trust: 1.0

vendor:wagomodel:pfc200scope:eqversion:23

Trust: 1.0

vendor:wagomodel:touch panel 600 marinescope:ltversion:22

Trust: 1.0

vendor:wagomodel:touch panel 600 marinescope:eqversion:22

Trust: 1.0

vendor:wagomodel:touch panel 600 marinescope:gteversion:16

Trust: 1.0

vendor:wagomodel:touch panel 600 advancedscope:eqversion:22

Trust: 1.0

vendor:wagomodel:touch panel 600 advancedscope:gteversion:16

Trust: 1.0

vendor:wagomodel:touch panel 600 standardscope:eqversion:23

Trust: 1.0

vendor:wagomodel:751-9301scope:ltversion:22

Trust: 1.0

vendor:wagomodel:752-8303\/8000-002scope:eqversion:22

Trust: 1.0

vendor:wagomodel:751-9301scope:gteversion:16

Trust: 1.0

vendor:wagomodel:pfc100scope:ltversion:22

Trust: 1.0

vendor:wagomodel:pfc100scope:eqversion:22

Trust: 1.0

vendor:wagomodel:pfc200scope:eqversion:22

Trust: 1.0

vendor:wagomodel:751-9301scope:eqversion:23

Trust: 1.0

vendor:wagomodel:752-8303\/8000-002scope:gteversion:18

Trust: 1.0

vendor:wagomodel:752-8303\/8000-002scope:ltversion:22

Trust: 1.0

vendor:wagomodel:touch panel 600 advancedscope:ltversion:22

Trust: 1.0

vendor:wagomodel:touch panel 600 standardscope:eqversion:22

Trust: 1.0

vendor:wagomodel:pfc100scope:gteversion:16

Trust: 1.0

vendor:wagomodel:touch panel 600 marinescope:eqversion:23

Trust: 1.0

vendor:wagomodel:touch panel 600 advancedscope: - version: -

Trust: 0.8

vendor:wagomodel:pfc200scope: - version: -

Trust: 0.8

vendor:wagomodel:751-9301scope: - version: -

Trust: 0.8

vendor:wagomodel:touch panel 600 marinescope: - version: -

Trust: 0.8

vendor:wagomodel:pfc100scope: - version: -

Trust: 0.8

vendor:wagomodel:touch panel 600 standardscope: - version: -

Trust: 0.8

vendor:wagomodel:752-8303/8000-002scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-019560 // NVD: CVE-2022-45138

CVSS

SEVERITY

CVSSV2

CVSSV3

info@cert.vde.com: CVE-2022-45138
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2022-019560
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202302-2138
value: CRITICAL

Trust: 0.6

info@cert.vde.com:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-019560
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019560 // NVD: CVE-2022-45138 // CNNVD: CNNVD-202302-2138

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:Lack of authentication for critical features (CWE-306) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-019560 // NVD: CVE-2022-45138

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-2138

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202302-2138

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-45138

PATCH
title:Multiple WAGO product Fixes for access control error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226903
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202302-2138

EXTERNAL IDS
db:NVDid:CVE-2022-45138
Trust: 3.3
db:CERT@VDEid:VDE-2022-060
Trust: 2.5
db:JVNDBid:JVNDB-2022-019560
Trust: 0.8
db:CNNVDid:CNNVD-202302-2138
Trust: 0.6
db:VULMONid:CVE-2022-45138
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-45138 // 
            
            
            
            JVNDB: JVNDB-2022-019560 // 
            
            
            
            NVD: CVE-2022-45138 // 
            
            
            
            CNNVD: CNNVD-202302-2138

REFERENCES
url:https://cert.vde.com/en/advisories/vde-2022-060/
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2022-45138
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2022-45138/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-45138 // 
            
            
            
            JVNDB: JVNDB-2022-019560 // 
            
            
            
            NVD: CVE-2022-45138 // 
            
            
            
            CNNVD: CNNVD-202302-2138

SOURCES
db:VULMONid:CVE-2022-45138
db:JVNDBid:JVNDB-2022-019560
db:NVDid:CVE-2022-45138
db:CNNVDid:CNNVD-202302-2138

LAST UPDATE DATE
2023-12-18T12:14:57.218000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2022-45138date:2023-02-27T00:00:00
db:JVNDBid:JVNDB-2022-019560date:2023-10-26T05:47:00
db:NVDid:CVE-2022-45138date:2023-03-07T22:54:12.070
db:CNNVDid:CNNVD-202302-2138date:2023-02-28T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2022-45138date:2023-02-27T00:00:00
db:JVNDBid:JVNDB-2022-019560date:2023-10-26T00:00:00
db:NVDid:CVE-2022-45138date:2023-02-27T15:15:11.317
db:CNNVDid:CNNVD-202302-2138date:2023-02-27T00:00:00