The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-054/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
07 Nov 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull. |
27 Jan 2023, 17:18
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
CPE | cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:* cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:* cpe:2.3:o:wago:cc100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:* cpe:2.3:h:wago:cc100:-:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:* cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://cert.vde.com/en/advisories/VDE-2022-054/ - Third Party Advisory | |
First Time |
Wago pfc100 Firmware
Wago edge Controller Firmware Wago touch Panel 600 Standard Firmware Wago touch Panel 600 Marine Firmware Wago cc100 Wago cc100 Firmware Wago touch Panel 600 Advanced Wago pfc200 Firmware Wago touch Panel 600 Standard Wago pfc100 Wago edge Controller Wago touch Panel 600 Advanced Firmware Wago pfc200 Wago touch Panel 600 Marine Wago |
19 Jan 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-19 12:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-3738
Mitre link : CVE-2022-3738
CVE.ORG link : CVE-2022-3738
JSON object : View
Products Affected
wago
- touch_panel_600_advanced_firmware
- cc100
- touch_panel_600_marine_firmware
- touch_panel_600_standard_firmware
- touch_panel_600_marine
- pfc100_firmware
- cc100_firmware
- edge_controller
- pfc200_firmware
- touch_panel_600_standard
- pfc200
- edge_controller_firmware
- touch_panel_600_advanced
- pfc100
CWE
CWE-306
Missing Authentication for Critical Function