Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.
References
Link | Resource |
---|---|
https://cert.vde.com/de/advisories/VDE-2022-043 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
History
01 Dec 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required. |
21 Nov 2022, 08:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
Summary | Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to the his account on the the device. |
15 Nov 2022, 17:33
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cert.vde.com/de/advisories/VDE-2022-043 - Vendor Advisory | |
CWE | CWE-330 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:h:wut:com-server_highspeed_100basefx:-:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_19\"_4port_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_poe:-:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_19\"_4port:-:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_isolated:-:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_poe_3x_isolated_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_industry_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_isolated_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wut:at-modem-emulator:-:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_poe_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_ul:-:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_compact:-:*:*:*:*:*:*:* cpe:2.3:o:wut:at-modem-emulator_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_office_1port_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_100basefx_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_oem:-:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_ul_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_poe_3x_isolated:-:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_lc:-:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_\+\+_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_20ma:-:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_19\"_1port_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_19\"_1port:-:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_office_1port:-:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_20ma_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_oem_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_100baselx_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_lc_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_compact_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_office_4port:-:*:*:*:*:*:*:* cpe:2.3:o:wut:com-server_highspeed_office_4port_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_\+\+:-:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_100baselx:-:*:*:*:*:*:*:* cpe:2.3:h:wut:com-server_highspeed_industry:-:*:*:*:*:*:*:* |
|
First Time |
Wut com-server Highspeed Oem
Wut com-server Highspeed Compact Firmware Wut com-server Highspeed Isolated Firmware Wut com-server Highspeed Poe Wut com-server Highspeed Office 4port Wut com-server Highspeed Isolated Wut com-server Highspeed 100basefx Wut com-server Highspeed Ul Firmware Wut com-server Highspeed Poe 3x Isolated Firmware Wut com-server Highspeed 100baselx Firmware Wut com-server Highspeed Poe Firmware Wut com-server Highspeed 19\" 1port Wut com-server Highspeed Office 1port Wut com-server 20ma Firmware Wut com-server \+\+ Wut com-server Highspeed Lc Firmware Wut com-server Highspeed Office 1port Firmware Wut com-server Highspeed Lc Wut com-server 20ma Wut Wut com-server Highspeed 19\" 4port Firmware Wut com-server Highspeed Industry Firmware Wut com-server Highspeed Poe 3x Isolated Wut at-modem-emulator Firmware Wut com-server Highspeed Oem Firmware Wut com-server Highspeed 19\" 1port Firmware Wut com-server Highspeed 100basefx Firmware Wut at-modem-emulator Wut com-server Highspeed Industry Wut com-server Highspeed Compact Wut com-server Highspeed Office 4port Firmware Wut com-server Highspeed Ul Wut com-server \+\+ Firmware Wut com-server Highspeed 19\" 4port Wut com-server Highspeed 100baselx |
10 Nov 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-10 12:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-42787
Mitre link : CVE-2022-42787
CVE.ORG link : CVE-2022-42787
JSON object : View
Products Affected
wut
- com-server_20ma
- com-server_\+\+_firmware
- com-server_highspeed_poe_3x_isolated_firmware
- com-server_highspeed_office_1port_firmware
- com-server_highspeed_industry_firmware
- com-server_highspeed_ul_firmware
- com-server_highspeed_industry
- com-server_20ma_firmware
- com-server_highspeed_office_4port_firmware
- com-server_highspeed_lc
- com-server_highspeed_19\"_1port_firmware
- com-server_highspeed_19\"_1port
- com-server_highspeed_19\"_4port
- com-server_highspeed_office_1port
- com-server_highspeed_100basefx_firmware
- com-server_highspeed_100baselx
- com-server_highspeed_poe_3x_isolated
- com-server_highspeed_oem_firmware
- at-modem-emulator
- com-server_highspeed_isolated
- com-server_highspeed_lc_firmware
- com-server_highspeed_100baselx_firmware
- com-server_highspeed_poe
- com-server_\+\+
- com-server_highspeed_isolated_firmware
- com-server_highspeed_oem
- com-server_highspeed_poe_firmware
- com-server_highspeed_office_4port
- com-server_highspeed_19\"_4port_firmware
- com-server_highspeed_ul
- at-modem-emulator_firmware
- com-server_highspeed_compact_firmware
- com-server_highspeed_compact
- com-server_highspeed_100basefx
CWE
CWE-330
Use of Insufficiently Random Values