CVE-2022-42787 — HIGH (8.8)

Q: How severe is CVE-2022-42787?

CVE-2022-42787 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-42787?

Check the references section above for vendor advisories and patch information. Affected products include: Wut At-Modem-Emulator Firmware, Wut At-Modem-Emulator, Wut Com-Server \+\+ Firmware, Wut Com-Server \+\+, Wut Com-Server 20Ma Firmware.

Vulnerability Description

Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wut	At-Modem-Emulator Firmware	< 1.48
Wut	At-Modem-Emulator	-
Wut	Com-Server \+\+ Firmware	< 1.48
Wut	Com-Server \+\+	-
Wut	Com-Server 20Ma Firmware	< 1.48
Wut	Com-Server 20Ma	-
Wut	Com-Server Highspeed 100Basefx Firmware	< 1.76
Wut	Com-Server Highspeed 100Basefx	-
Wut	Com-Server Highspeed 100Baselx Firmware	< 1.76
Wut	Com-Server Highspeed 100Baselx	-
Wut	Com-Server Highspeed 19\" 1Port Firmware	< 1.76
Wut	Com-Server Highspeed 19\" 1Port	-
Wut	Com-Server Highspeed 19\" 4Port Firmware	< 1.76
Wut	Com-Server Highspeed 19\" 4Port	-
Wut	Com-Server Highspeed Compact Firmware	< 1.76
Wut	Com-Server Highspeed Compact	-
Wut	Com-Server Highspeed Industry Firmware	< 1.76
Wut	Com-Server Highspeed Industry	-
Wut	Com-Server Highspeed Isolated Firmware	< 1.76
Wut	Com-Server Highspeed Isolated	-

Related Weaknesses (CWE)

CWE-330

References

https://cert.vde.com/de/advisories/VDE-2022-043Vendor Advisory
https://cert.vde.com/de/advisories/VDE-2022-043Vendor Advisory

FAQ

What is CVE-2022-42787?

CVE-2022-42787 is a vulnerability with a CVSS score of 8.8 (HIGH). Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and ge...

How severe is CVE-2022-42787?

CVE-2022-42787 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-42787?

Check the references section above for vendor advisories and patch information. Affected products include: Wut At-Modem-Emulator Firmware, Wut At-Modem-Emulator, Wut Com-Server \+\+ Firmware, Wut Com-Server \+\+, Wut Com-Server 20Ma Firmware.