Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to WAGO - Series WAGO PFC200

cve-2022-3738

Vulnerability from cvelistv5

Published

2023-01-19 11:27

Modified

2024-08-03 01:20

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

WAGO: Missing authentication for config export functionality in multiple products

References

▼	URL	Tags
	https://cert.vde.com/en/advisories/VDE-2022-054/

Impacted products

▼	Vendor	Product
	WAGO	Series WAGO PFC100
	WAGO	Series WAGO PFC200
	WAGO	Series WAGO Touch Panel 600 Advanced Line
	WAGO	Series WAGO Touch Panel 600 Marine Line
	WAGO	Series WAGO Touch Panel 600 Standard Line
	WAGO	WAGO Compact Controller CC100
	WAGO	WAGO Edge Controller

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:20:57.784Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2022-054/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Series WAGO PFC100",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW22",
              "status": "affected",
              "version": "FW16",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Series WAGO PFC200",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW22",
              "status": "affected",
              "version": "FW16",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Series WAGO Touch Panel 600 Advanced Line",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW22",
              "status": "affected",
              "version": "FW16",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Series WAGO Touch Panel 600 Marine Line",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW22",
              "status": "affected",
              "version": "FW16",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Series WAGO Touch Panel 600 Standard Line",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW22",
              "status": "affected",
              "version": "FW16",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WAGO Compact Controller CC100",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW22",
              "status": "affected",
              "version": "FW16",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WAGO Edge Controller",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW22",
              "status": "affected",
              "version": "FW16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-01-12T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-07T09:43:18.629Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2022-054/"
        }
      ],
      "source": {
        "advisory": "VDE-2022-054",
        "defect": [
          "CERT@VDE#64273"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WAGO: Missing authentication for config export functionality in multiple products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2022-3738",
    "datePublished": "2023-01-19T11:27:51.814Z",
    "dateReserved": "2022-10-28T07:18:40.653Z",
    "dateUpdated": "2024-08-03T01:20:57.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}