Vulnerability Description
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | 751-9301 Firmware | >= 16, < 22 |
| Wago | 751-9301 | - |
| Wago | 752-8303/8000-002 Firmware | >= 18, < 22 |
| Wago | 752-8303/8000-002 | - |
| Wago | Pfc100 Firmware | >= 16, < 22 |
| Wago | Pfc100 | - |
| Wago | Pfc200 Firmware | >= 16, < 22 |
| Wago | Pfc200 | - |
| Wago | Touch Panel 600 Advanced Firmware | >= 16, < 22 |
| Wago | Touch Panel 600 Advanced | - |
| Wago | Touch Panel 600 Marine Firmware | >= 16, < 22 |
| Wago | Touch Panel 600 Marine | - |
| Wago | Touch Panel 600 Standard Firmware | >= 16, < 22 |
| Wago | Touch Panel 600 Standard | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2022-060/ (Third Party Advisory)
FAQ
What is CVE-2022-45140?
CVE-2022-45140 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromi...
How severe is CVE-2022-45140?
CVE-2022-45140 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-45140?
Check the references section above for vendor advisories and patch information. Affected products include: Wago 751-9301 Firmware, Wago 751-9301, Wago 752-8303/8000-002 Firmware, Wago 752-8303/8000-002, Wago Pfc100 Firmware.