Vulnerability Description
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | 751-9301 Firmware | >= 16, < 22 |
| Wago | 751-9301 | - |
| Wago | 752-8303\/8000-002 Firmware | >= 18, < 22 |
| Wago | 752-8303\/8000-002 | - |
| Wago | Pfc100 Firmware | >= 16, < 22 |
| Wago | Pfc100 | - |
| Wago | Pfc200 Firmware | >= 16, < 22 |
| Wago | Pfc200 | - |
| Wago | Touch Panel 600 Advanced Firmware | >= 16, < 22 |
| Wago | Touch Panel 600 Advanced | - |
| Wago | Touch Panel 600 Marine Firmware | >= 16, < 22 |
| Wago | Touch Panel 600 Marine | - |
| Wago | Touch Panel 600 Standard Firmware | >= 16, < 22 |
| Wago | Touch Panel 600 Standard | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2022-060/Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2022-060/Third Party Advisory
FAQ
What is CVE-2022-45139?
CVE-2022-45139 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead ...
How severe is CVE-2022-45139?
CVE-2022-45139 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-45139?
Check the references section above for vendor advisories and patch information. Affected products include: Wago 751-9301 Firmware, Wago 751-9301, Wago 752-8303\/8000-002 Firmware, Wago 752-8303\/8000-002, Wago Pfc100 Firmware.