The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-060/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
07 Mar 2023, 21:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:* cpe:2.3:h:wago:752-8303\/8000-002:-:*:*:*:*:*:*:* cpe:2.3:o:wago:751-9301_firmware:23:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_advanced_firmware:23:*:*:*:*:*:*:* cpe:2.3:o:wago:752-8303\/8000-002_firmware:23:*:*:*:*:*:*:* cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_marine_firmware:23:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:23:*:*:*:*:*:*:* cpe:2.3:h:wago:751-9301:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:751-9301_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:752-8303\/8000-002_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:752-8303\/8000-002_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:751-9301_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:* cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_standard_firmware:23:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://cert.vde.com/en/advisories/VDE-2022-060/ - Third Party Advisory | |
First Time |
Wago pfc100 Firmware
Wago 751-9301 Wago touch Panel 600 Standard Firmware Wago touch Panel 600 Marine Firmware Wago 751-9301 Firmware Wago 752-8303\/8000-002 Firmware Wago touch Panel 600 Advanced Wago pfc200 Firmware Wago touch Panel 600 Standard Wago pfc100 Wago 752-8303\/8000-002 Wago touch Panel 600 Advanced Firmware Wago pfc200 Wago touch Panel 600 Marine Wago |
27 Feb 2023, 15:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-27 15:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-45140
Mitre link : CVE-2022-45140
CVE.ORG link : CVE-2022-45140
JSON object : View
Products Affected
wago
- touch_panel_600_advanced_firmware
- touch_panel_600_marine_firmware
- touch_panel_600_standard_firmware
- 751-9301_firmware
- pfc100_firmware
- touch_panel_600_marine
- pfc200_firmware
- touch_panel_600_standard
- pfc200
- 752-8303\/8000-002_firmware
- 751-9301
- 752-8303\/8000-002
- touch_panel_600_advanced
- pfc100
CWE
CWE-306
Missing Authentication for Critical Function