VDE-2022-057
Vulnerability from csaf_wiesemanntheisgmbh - Published: 2022-12-13 07:00 - Updated: 2025-05-14 13:00Summary
Wiesemann & Theis multiple products prone to web interface vulnerability
Notes
Summary: Multiple Wiesemann & Theis product families are affected by a vulnerability in the web interface. The device allows an unauthenticated attacker to get the session ID of a logged in user. He may then spoof his IP address to act as the logged in user.
Impact: The attacker can set all settings and take over the device completely.
Remediation: Update Com-Server family to version 1.55 Update Com-Server Highspeed family to version 1.78 or higher
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. During an authenticated session to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.
7.1 (High)
Vendor Fix
Update Com-Server family to version 1.55 Update Com-Server Highspeed family to version 1.78 or higher
References
| URL | Category | |
|---|---|---|
Acknowledgments
CERT@VDE
Martin Weiß
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination"
},
{
"organization": "Martin Wei\u00df",
"summary": "disclosing this vulnerability"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple Wiesemann \u0026 Theis product families are affected by a vulnerability in the web interface.\u00a0The device allows\u00a0an unauthenticated\u00a0attacker to get the session ID of a logged in user. He may then spoof his IP address to act as the logged in user.",
"title": "Summary"
},
{
"category": "description",
"text": "The attacker can set all settings and take over the device completely.",
"title": "Impact"
},
{
"category": "description",
"text": "Update Com-Server family to version 1.55 Update Com-Server Highspeed family to version 1.78 or higher",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@wut.de",
"name": "Wiesemann \u0026 Theis GmbH",
"namespace": "https://www.wut.de"
},
"references": [
{
"category": "external",
"summary": "Wiesemann \u0026 Theis PSIRT ",
"url": "https://www.wut.de"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Wiesemann \u0026 Theis GmbH",
"url": "https://certvde.com/en/advisories/vendor/wut/"
},
{
"category": "self",
"summary": "VDE-2022-057: Wiesemann \u0026 Theis multiple products prone to web interface vulnerability - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-057/"
},
{
"category": "self",
"summary": "VDE-2022-057: Wiesemann \u0026 Theis multiple products prone to web interface vulnerability - CSAF",
"url": "https://wut.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-057.json"
}
],
"title": "Wiesemann \u0026 Theis multiple products prone to web interface vulnerability",
"tracking": {
"aliases": [
"VDE-2022-057"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-03-20T10:27:14.854Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.21"
}
},
"id": "VDE-2022-057",
"initial_release_date": "2022-12-13T07:00:00.000Z",
"revision_history": [
{
"date": "2022-12-13T07:00:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "2",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.55",
"product": {
"name": "Com-Server ++ \u003c1.55",
"product_id": "CSAFPID-51001",
"product_identification_helper": {
"model_numbers": [
"58665"
]
}
}
},
{
"category": "product_version",
"name": "1.55",
"product": {
"name": "Com-Server ++ 1.55",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "Com-Server ++"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.55",
"product": {
"name": "Com-Server 20mA \u003c1.55",
"product_id": "CSAFPID-51002",
"product_identification_helper": {
"model_numbers": [
"58664"
]
}
}
},
{
"category": "product_version",
"name": "1.55",
"product": {
"name": "Com-Server 20mA 1.55",
"product_id": "CSAFPID-52002"
}
}
],
"category": "product_name",
"name": "Com-Server 20mA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.78",
"product": {
"name": "Com-Server Highspeed 100BaseFX \u003c1.78",
"product_id": "CSAFPID-51003",
"product_identification_helper": {
"model_numbers": [
"58651"
]
}
}
},
{
"category": "product_version",
"name": "1.78",
"product": {
"name": "Com-Server Highspeed 100BaseFX 1.78",
"product_id": "CSAFPID-52003"
}
}
],
"category": "product_name",
"name": "Com-Server Highspeed 100BaseFX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.78",
"product": {
"name": "Com-Server Highspeed 100BaseLX \u003c1.78",
"product_id": "CSAFPID-51004",
"product_identification_helper": {
"model_numbers": [
"58652"
]
}
}
},
{
"category": "product_version",
"name": "1.78",
"product": {
"name": "Software Com-Server Highspeed 100BaseLX 1.78",
"product_id": "CSAFPID-52004"
}
}
],
"category": "product_name",
"name": "Com-Server Highspeed 100BaseLX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.78",
"product": {
"name": "Com-Server Highspeed 19\" 1Port \u003c1.78",
"product_id": "CSAFPID-51005",
"product_identification_helper": {
"model_numbers": [
"58331"
]
}
}
},
{
"category": "product_version",
"name": "1.78",
"product": {
"name": "Com-Server Highspeed 19\" 1Port 1.78",
"product_id": "CSAFPID-52005"
}
}
],
"category": "product_name",
"name": "Com-Server Highspeed 19\" 1Port"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.78",
"product": {
"name": "Com-Server Highspeed 19\" 4Port \u003c1.78",
"product_id": "CSAFPID-51006",
"product_identification_helper": {
"model_numbers": [
"58334"
]
}
}
},
{
"category": "product_version",
"name": "1.78",
"product": {
"name": "Com-Server Highspeed 19\" 4Port 1.78",
"product_id": "CSAFPID-52006"
}
}
],
"category": "product_name",
"name": "Com-Server Highspeed 19\" 4Port"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.78",
"product": {
"name": "Com-Server Highspeed Compact \u003c1.78",
"product_id": "CSAFPID-51007",
"product_identification_helper": {
"model_numbers": [
"58231"
]
}
}
},
{
"category": "product_version",
"name": "1.78",
"product": {
"name": "Com-Server Highspeed Compact 1.78",
"product_id": "CSAFPID-52007"
}
}
],
"category": "product_name",
"name": "Com-Server Highspeed Compact"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.78",
"product": {
"name": "Com-Server Highspeed Industry \u003c1.78",
"product_id": "CSAFPID-51008",
"product_identification_helper": {
"model_numbers": [
"58631"
]
}
}
},
{
"category": "product_version",
"name": "1.78",
"product": {
"name": "Com-Server Highspeed Industry 1.78",
"product_id": "CSAFPID-52008"
}
}
],
"category": "product_name",
"name": "Com-Server Highspeed Industry"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.78",
"product": {
"name": "Com-Server Highspeed Isolated \u003c1.78",
"product_id": "CSAFPID-51009",
"product_identification_helper": {
"model_numbers": [
"58633"
]
}
}
},
{
"category": "product_version",
"name": "1.78",
"product": {
"name": "Com-Server Highspeed Isolated 1.78",
"product_id": "CSAFPID-52009"
}
}
],
"category": "product_name",
"name": "Com-Server Highspeed Isolated"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.78",
"product": {
"name": "Com-Server Highspeed OEM \u003c1.78",
"product_id": "CSAFPID-51010",
"product_identification_helper": {
"model_numbers": [
"58431"
]
}
}
},
{
"category": "product_version",
"name": "1.78",
"product": {
"name": "Com-Server Highspeed OEM 1.78",
"product_id": "CSAFPID-52010"
}
}
],
"category": "product_name",
"name": "Com-Server Highspeed OEM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.78",
"product": {
"name": "Com-Server Highspeed Office 1 Port \u003c1.78",
"product_id": "CSAFPID-51011",
"product_identification_helper": {
"model_numbers": [
"58031"
]
}
}
},
{
"category": "product_version",
"name": "1.78",
"product": {
"name": "Com-Server Highspeed Office 1 Port 1.78",
"product_id": "CSAFPID-52011"
}
}
],
"category": "product_name",
"name": "Com-Server Highspeed Office 1 Port"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.78",
"product": {
"name": "Com-Server Highspeed Office 4 Port \u003c1.78",
"product_id": "CSAFPID-51012",
"product_identification_helper": {
"model_numbers": [
"58034"
]
}
}
},
{
"category": "product_version",
"name": "1.78",
"product": {
"name": "Com-Server Highspeed Office 4 Port 1.78",
"product_id": "CSAFPID-52012"
}
}
],
"category": "product_name",
"name": "Com-Server Highspeed Office 4 Port"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.78",
"product": {
"name": "Com-Server Highspeed PoE \u003c1.78",
"product_id": "CSAFPID-51013",
"product_identification_helper": {
"model_numbers": [
"58641"
]
}
}
},
{
"category": "product_version",
"name": "1.78",
"product": {
"name": "Com-Server Highspeed PoE 1.78",
"product_id": "CSAFPID-52013"
}
}
],
"category": "product_name",
"name": "Com-Server Highspeed PoE"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.55",
"product": {
"name": "Com-Server LC \u003c1.55",
"product_id": "CSAFPID-51014",
"product_identification_helper": {
"model_numbers": [
"58661"
]
}
}
},
{
"category": "product_version",
"name": "1.55",
"product": {
"name": "Com-Server LC 1.55",
"product_id": "CSAFPID-52014"
}
}
],
"category": "product_name",
"name": "Com-Server LC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.55",
"product": {
"name": "Com-Server PoE 3 x Isolated \u003c1.55",
"product_id": "CSAFPID-51015",
"product_identification_helper": {
"model_numbers": [
"58662"
]
}
}
},
{
"category": "product_version",
"name": "1.55",
"product": {
"name": "Com-Server PoE 3 x Isolated 1.55",
"product_id": "CSAFPID-52015"
}
}
],
"category": "product_name",
"name": "Com-Server PoE 3 x Isolated"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.55",
"product": {
"name": "Com-Server UL \u003c1.55",
"product_id": "CSAFPID-51016",
"product_identification_helper": {
"model_numbers": [
"58669"
]
}
}
},
{
"category": "product_version",
"name": "1.55",
"product": {
"name": "Com-Server UL 1.55",
"product_id": "CSAFPID-52016"
}
}
],
"category": "product_name",
"name": "Com-Server UL"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Wiesemann \u0026 Theis"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-51010",
"CSAFPID-51011",
"CSAFPID-51012",
"CSAFPID-51013",
"CSAFPID-51014",
"CSAFPID-51015",
"CSAFPID-51016"
],
"summary": "Affected Products"
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-52010",
"CSAFPID-52011",
"CSAFPID-52012",
"CSAFPID-52013",
"CSAFPID-52014",
"CSAFPID-52015",
"CSAFPID-52016"
],
"summary": "Fixed Products"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-4098",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "description",
"text": "Multiple Wiesemann\u0026Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. During an authenticated session to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-52010",
"CSAFPID-52011",
"CSAFPID-52012",
"CSAFPID-52013",
"CSAFPID-52014",
"CSAFPID-52015",
"CSAFPID-52016"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-51010",
"CSAFPID-51011",
"CSAFPID-51012",
"CSAFPID-51013",
"CSAFPID-51014",
"CSAFPID-51015",
"CSAFPID-51016"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update Com-Server family to version 1.55 Update Com-Server Highspeed family to version 1.78 or higher",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-51010",
"CSAFPID-51011",
"CSAFPID-51012",
"CSAFPID-51013",
"CSAFPID-51014",
"CSAFPID-51015",
"CSAFPID-51016"
]
}
],
"title": "CVE-2022-4098"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…