Vulnerability Description
The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | 751-9301 Firmware | >= 16, < 22 |
| Wago | 751-9301 | - |
| Wago | 752-8303/8000-002 Firmware | >= 18, < 22 |
| Wago | 752-8303/8000-002 | - |
| Wago | Pfc100 Firmware | >= 16, < 22 |
| Wago | Pfc100 | - |
| Wago | Pfc200 Firmware | >= 16, < 22 |
| Wago | Pfc200 | - |
| Wago | Touch Panel 600 Advanced Firmware | >= 16, < 22 |
| Wago | Touch Panel 600 Advanced | - |
| Wago | Touch Panel 600 Marine Firmware | >= 16, < 22 |
| Wago | Touch Panel 600 Marine | - |
| Wago | Touch Panel 600 Standard Firmware | >= 16, < 22 |
| Wago | Touch Panel 600 Standard | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2022-060/ (Third Party Advisory)
FAQ
What is CVE-2022-45138?
CVE-2022-45138 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated...
How severe is CVE-2022-45138?
CVE-2022-45138 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-45138?
Check the references section above for vendor advisories and patch information. Affected products include: Wago 751-9301 Firmware, Wago 751-9301, Wago 752-8303/8000-002 Firmware, Wago 752-8303/8000-002, Wago Pfc100 Firmware.