Vulnerability Description
Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenze | C520 Firmware | >= 1.07.00.2757, < 01.08.01.3021 |
| Lenze | C520 | - |
| Lenze | C550 Firmware | >= 1.07.00.2757, < 01.08.01.3021 |
| Lenze | C550 | - |
| Lenze | C750 Firmware | >= 1.07.00.2757, < 01.08.01.3021 |
| Lenze | C750 | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2022-030/ (Mitigation, Third Party Advisory)
FAQ
What is CVE-2022-2302?
CVE-2022-2302 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowle...
How severe is CVE-2022-2302?
CVE-2022-2302 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-2302?
Check the references section above for vendor advisories and patch information. Affected products include: Lenze C520 Firmware, Lenze C520, Lenze C550 Firmware, Lenze C550, Lenze C750 Firmware.