FKIE_CVE-2022-45139

Vulnerability from fkie_nvd - Published: 2023-02-27 15:15 - Updated: 2024-11-21 07:28
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.
References
info@cert.vde.comhttps://cert.vde.com/en/advisories/VDE-2022-060/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en/advisories/VDE-2022-060/Third Party Advisory
Impacted products
Vendor Product Version
wago 751-9301_firmware *
wago 751-9301_firmware 22
wago 751-9301_firmware 23
wago 751-9301 -
wago 752-8303\/8000-002_firmware *
wago 752-8303\/8000-002_firmware 22
wago 752-8303\/8000-002_firmware 23
wago 752-8303\/8000-002 -
wago pfc100_firmware *
wago pfc100_firmware 22
wago pfc100_firmware 23
wago pfc100 -
wago pfc200_firmware *
wago pfc200_firmware 22
wago pfc200_firmware 23
wago pfc200 -
wago touch_panel_600_advanced_firmware *
wago touch_panel_600_advanced_firmware 22
wago touch_panel_600_advanced_firmware 23
wago touch_panel_600_advanced -
wago touch_panel_600_marine_firmware *
wago touch_panel_600_marine_firmware 22
wago touch_panel_600_marine_firmware 23
wago touch_panel_600_marine -
wago touch_panel_600_standard_firmware *
wago touch_panel_600_standard_firmware 22
wago touch_panel_600_standard_firmware 23
wago touch_panel_600_standard -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:751-9301_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D694685C-2D87-4C94-9957-6B921E8836CF",
              "versionEndExcluding": "22",
              "versionStartIncluding": "16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:751-9301_firmware:22:-:*:*:*:*:*:*",
              "matchCriteriaId": "E42B14D3-F36A-4213-8447-870E9FC60F48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:751-9301_firmware:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "84839593-47AD-47C1-8762-FAF10070BCAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:751-9301:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "385FE0DA-6383-4EF7-835A-055EB0D22EB8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4958E9ED-6410-4F34-B582-7532A7F3101C",
              "versionEndExcluding": "22",
              "versionStartIncluding": "18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:22:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4761AA7-B270-485C-B929-34384145DCBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:752-8303\\/8000-002_firmware:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B514966-03EE-4710-89C0-E8FE771E79CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:752-8303\\/8000-002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "915B0745-EB00-40AD-80BA-887EFB435901",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0044A0A-90FD-4C5E-B1F9-A7A0B9EF0BE8",
              "versionEndExcluding": "22",
              "versionStartIncluding": "16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:*",
              "matchCriteriaId": "4815DFF8-0CAE-4C85-9F5B-F64C12F43AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:pfc100_firmware:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C84D09E-A681-47F1-AC37-850BF6E47D01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F636354-95A2-4B36-9666-1FA57F185432",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEF2D886-205E-46D2-80DA-2E594F867EE5",
              "versionEndExcluding": "22",
              "versionStartIncluding": "16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:*",
              "matchCriteriaId": "B876DC19-0523-41DB-8BD7-1ECC09FCFA01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE108CD0-B451-4ED5-83A1-CCEAACC1B40C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE5248EE-90DF-446C-BC44-D5AF5EDB45A1",
              "versionEndExcluding": "22",
              "versionStartIncluding": "16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*",
              "matchCriteriaId": "9A613D7C-29C0-4D4E-ACDA-15BBC6FF0104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D06AC6E-2EB2-4ACB-A6CA-E7AB88540713",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8221861-7455-41D5-B310-6AEA822B46CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF35303-B999-40FE-8DC1-C18243F13FE7",
              "versionEndExcluding": "22",
              "versionStartIncluding": "16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*",
              "matchCriteriaId": "774CFF47-61B6-48F8-8E1F-E3DC215066AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD092B48-C42A-409E-AC9C-F523AD654C1B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DEFFBC-934D-43BE-92AE-25F8EE8C1E0A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8C054D-F02F-48A0-85D0-DFF90E9C31BB",
              "versionEndExcluding": "22",
              "versionStartIncluding": "16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*",
              "matchCriteriaId": "FA7A911A-395A-4536-8756-83DB2F62899D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "263C0C64-F5B4-43C3-BF26-AF24DFA74699",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6D7A44C-2D95-4F69-A7DB-435B0A6F9F03",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality."
    }
  ],
  "id": "CVE-2022-45139",
  "lastModified": "2024-11-21T07:28:50.013",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-02-27T15:15:11.407",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2022-060/"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.