The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-060/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
07 Mar 2023, 22:54
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cert.vde.com/en/advisories/VDE-2022-060/ - Third Party Advisory | |
First Time |
Wago pfc100 Firmware
Wago 751-9301 Wago touch Panel 600 Standard Firmware Wago touch Panel 600 Marine Firmware Wago 751-9301 Firmware Wago 752-8303\/8000-002 Firmware Wago touch Panel 600 Advanced Wago pfc200 Firmware Wago touch Panel 600 Standard Wago pfc100 Wago 752-8303\/8000-002 Wago touch Panel 600 Advanced Firmware Wago pfc200 Wago touch Panel 600 Marine Wago |
|
CPE | cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:* cpe:2.3:h:wago:752-8303\/8000-002:-:*:*:*:*:*:*:* cpe:2.3:o:wago:751-9301_firmware:23:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_advanced_firmware:23:*:*:*:*:*:*:* cpe:2.3:o:wago:752-8303\/8000-002_firmware:23:*:*:*:*:*:*:* cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_marine_firmware:23:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:23:*:*:*:*:*:*:* cpe:2.3:h:wago:751-9301:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:751-9301_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:752-8303\/8000-002_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:752-8303\/8000-002_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:751-9301_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:* cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_standard_firmware:23:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:* |
27 Feb 2023, 15:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-27 15:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-45138
Mitre link : CVE-2022-45138
CVE.ORG link : CVE-2022-45138
JSON object : View
Products Affected
wago
- touch_panel_600_advanced_firmware
- touch_panel_600_marine_firmware
- touch_panel_600_standard_firmware
- 751-9301_firmware
- pfc100_firmware
- touch_panel_600_marine
- pfc200_firmware
- touch_panel_600_standard
- pfc200
- 752-8303\/8000-002_firmware
- 751-9301
- 752-8303\/8000-002
- touch_panel_600_advanced
- pfc100
CWE
CWE-306
Missing Authentication for Critical Function