FKIE_CVE-2022-3575

Vulnerability from fkie_nvd - Published: 2022-11-02 17:15 - Updated: 2024-11-21 07:19
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device.
References
info@cert.vde.comhttps://www.frauscher.com/en/psirtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.frauscher.com/en/psirtVendor Advisory
Impacted products
Vendor Product Version
frauscher frauscher_diagnostic_system_102 2.8.0
frauscher frauscher_diagnostic_system_102 2.8.0
frauscher frauscher_diagnostic_system_102 2.9.0
frauscher frauscher_diagnostic_system_102 2.9.0
frauscher frauscher_diagnostic_system_102 2.9.1
frauscher frauscher_diagnostic_system_102 2.9.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.8.0:*:*:*:*:fadc_r2:*:*",
              "matchCriteriaId": "F46EB758-1260-40FB-A5D5-87C11CA5964B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.8.0:*:*:*:*:fadci_r2:*:*",
              "matchCriteriaId": "ADB27623-E59D-4062-90AB-7787624971B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.9.0:*:*:*:*:fadc_r2:*:*",
              "matchCriteriaId": "A66B5545-5CF4-4CD2-93BA-D77D5A889DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.9.0:*:*:*:*:fadci_r2:*:*",
              "matchCriteriaId": "FC2D7FAF-C89C-49DC-B85A-BD36E4B7B9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.9.1:*:*:*:*:fadc_r2:*:*",
              "matchCriteriaId": "27810BDA-FED1-48CD-B3D8-6B60C0B9195C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_102:2.9.1:*:*:*:*:fadci_r2:*:*",
              "matchCriteriaId": "F32CAEB4-0CCD-463D-AAFE-88AD4FF6D3EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device."
    },
    {
      "lang": "es",
      "value": "Frauscher Sensortechnik GmbH FDS102 para FAdC R2 y FAdCi R2 v2.8.0 a v2.9.1 son vulnerables a la carga de c\u00f3digos maliciosos sin autenticaci\u00f3n mediante la funci\u00f3n de carga de configuraci\u00f3n. Esto podr\u00eda provocar un compromiso total del dispositivo FDS102."
    }
  ],
  "id": "CVE-2022-3575",
  "lastModified": "2024-11-21T07:19:48.033",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-11-02T17:15:18.673",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.frauscher.com/en/psirt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.frauscher.com/en/psirt"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.