CVE-2022-3281 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2022-3281?

CVE-2022-3281 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-3281?

Check the references section above for vendor advisories and patch information. Affected products include: Wago 750-8100 Firmware, Wago 750-8100, Wago 750-8101 Firmware, Wago 750-8101, Wago 750-8101\/000-010 Firmware.

Vulnerability Description

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Wago	750-8100 Firmware	>= 03.01.07\(13\), <= 03.10.08\(22\)
Wago	750-8100	-
Wago	750-8101 Firmware	>= 03.01.07\(13\), <= 03.10.08\(22\)
Wago	750-8101	-
Wago	750-8101\/000-010 Firmware	>= 03.01.07\(13\), <= 03.10.08\(22\)
Wago	750-8101\/000-010	-
Wago	750-8101\/025-000 Firmware	>= 03.01.07\(13\), <= 03.10.08\(22\)
Wago	750-8101\/025-000	-
Wago	750-8102 Firmware	>= 03.01.07\(13\), <= 03.10.08\(22\)
Wago	750-8102	-
Wago	750-8102\/025-000 Firmware	>= 03.01.07\(13\), <= 03.10.08\(22\)
Wago	750-8102\/025-000	-
Wago	750-8202\/000-011 Firmware	>= 03.01.07\(13\), <= 03.10.08\(22\)
Wago	750-8202\/000-011	-
Wago	750-8202\/000-012 Firmware	>= 03.01.07\(13\), <= 03.10.08\(22\)
Wago	750-8202\/000-012	-
Wago	750-8202\/000-022 Firmware	>= 03.01.07\(13\), <= 03.10.08\(22\)
Wago	750-8202\/000-022	-
Wago	750-8206 Firmware	>= 03.01.07\(13\), <= 03.10.08\(22\)
Wago	750-8206	-

Related Weaknesses (CWE)

CWE-440

References

https://cert.vde.com/en/advisories/VDE-2022-042/MitigationThird Party Advisory
https://cert.vde.com/en/advisories/VDE-2022-042/MitigationThird Party Advisory

FAQ

What is CVE-2022-3281?

CVE-2022-3281 is a vulnerability with a CVSS score of 7.5 (HIGH). WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote...

How severe is CVE-2022-3281?

CVE-2022-3281 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-3281?

Check the references section above for vendor advisories and patch information. Affected products include: Wago 750-8100 Firmware, Wago 750-8100, Wago 750-8101 Firmware, Wago 750-8101, Wago 750-8101\/000-010 Firmware.