← Back

CVE-2022-4098

nvd nist
Published: Dec 13, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.0
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: NVD (Secondary)

Description

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.

Affected (16)

Wut
16 products
Com Server ++ Firmware
Com Server 20ma Firmware
Com Server Highspeed 100basefx Firmware
Com Server Highspeed 100baselx Firmware
Com Server Highspeed 19" 1port Firmware
Com Server Highspeed 19" 4port Firmware
Com Server Highspeed Compact Firmware
Com Server Highspeed Industry Firmware
Com Server Highspeed Isolated Firmware
Com Server Highspeed Oem Firmware
Com Server Highspeed Office 1port Firmware
Com Server Highspeed Office 4port Firmware
Com Server Highspeed Poe Firmware
Com Server Highspeed Lc Firmware
Com Server Highspeed Poe 3x Isolated Firmware
Com Server Highspeed Ul Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server ++ Firmware
Before 1.55
Running on/withPlatform Versions
Wut
Com Server ++
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server 20ma Firmware
Before 1.55
Running on/withPlatform Versions
Wut
Com Server 20ma
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed 100basefx Firmware
Before 1.78
Running on/withPlatform Versions
Wut
Com Server Highspeed 100basefx
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed 100baselx Firmware
Before 1.78
Running on/withPlatform Versions
Wut
Com Server Highspeed 100baselx
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed 19" 1port Firmware
Before 1.78
Running on/withPlatform Versions
Wut
Com Server Highspeed 19" 1port
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed 19" 4port Firmware
Before 1.78
Running on/withPlatform Versions
Wut
Com Server Highspeed 19" 4port
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed Compact Firmware
Before 1.78
Running on/withPlatform Versions
Wut
Com Server Highspeed Compact
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed Industry Firmware
Before 1.78
Running on/withPlatform Versions
Wut
Com Server Highspeed Industry
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed Isolated Firmware
Before 1.78
Running on/withPlatform Versions
Wut
Com Server Highspeed Isolated
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed Oem Firmware
Before 1.78
Running on/withPlatform Versions
Wut
Com Server Highspeed Oem
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed Office 1port Firmware
Before 1.78
Running on/withPlatform Versions
Wut
Com Server Highspeed Office 1port
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed Office 4port Firmware
Before 1.78
Running on/withPlatform Versions
Wut
Com Server Highspeed Office 4port
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed Poe Firmware
Before 1.78
Running on/withPlatform Versions
Wut
Com Server Highspeed Poe
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed Lc Firmware
Before 1.55
Running on/withPlatform Versions
Wut
Com Server Highspeed Lc
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed Poe 3x Isolated Firmware
Before 1.55
Running on/withPlatform Versions
Wut
Com Server Highspeed Poe 3x Isolated
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Com Server Highspeed Ul Firmware
Before 1.55
Running on/withPlatform Versions
Wut
Com Server Highspeed Ul
All versions

Related CWEs

CWE-290
Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (2)

Source: info@cert.vde.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.