FKIE_CVE-2022-3738
Vulnerability from fkie_nvd - Published: 2023-01-19 12:15 - Updated: 2024-11-21 07:20
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.
References
| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2022-054/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-054/ | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CC83F6-9816-482C-A026-7654BCC95D40",
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F636354-95A2-4B36-9666-1FA57F185432",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A4AEA6B-206A-4CEA-ACCE-145B139DF58B",
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35EF27EB-EE11-47B6-8382-47910AA3966B",
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8221861-7455-41D5-B310-6AEA822B46CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A470D085-96C4-4DFE-A4E2-1407D49A4D9A",
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D7A44C-2D95-4F69-A7DB-435B0A6F9F03",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79C7DB93-4282-49DB-B81E-44BBD826BFF8",
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83DEFFBC-934D-43BE-92AE-25F8EE8C1E0A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:cc100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3E10E2-A0AA-47E2-B314-51A86BEB2208",
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:cc100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "632388B3-E59E-480E-9F0F-08A9F4E87159",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F31F6E66-78B4-4F7B-BAE6-0C38D1307A4B",
"versionEndIncluding": "22",
"versionStartIncluding": "16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFC57C8-6AF4-4771-B0A0-744137FBFECF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.\n"
},
{
"lang": "es",
"value": "La vulnerabilidad permite a un atacante remoto no autenticado descargar un archivo de copia de seguridad, si existe. Ese archivo de copia de seguridad puede contener informaci\u00f3n confidencial, como credenciales y material criptogr\u00e1fico. Un usuario v\u00e1lido debe crear una copia de seguridad despu\u00e9s del \u00faltimo reinicio para que este ataque tenga \u00e9xito."
}
],
"id": "CVE-2022-3738",
"lastModified": "2024-11-21T07:20:08.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-19T12:15:11.213",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-054/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-054/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…