CVE-2022-4098
HIGH
8,0
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0009
Percentile
0,3th
Updated
EPSS Score Trend (Last 90 Days)
290
Authentication Bypass by Spoofing
IncompleteCommon Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
Operating System
Com-Server Highspeed Isolated Firmware by Wut
Version Range Affected
To
1.78
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_isolated_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed Lc Firmware by Wut
Version Range Affected
To
1.55
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_lc_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed 19\" 1Port Firmware by Wut
Version Range Affected
To
1.78
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_19\"_1port_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed Ul Firmware by Wut
Version Range Affected
To
1.55
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_ul_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed Office 4Port Firmware by Wut
Version Range Affected
To
1.78
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_office_4port_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server 20Ma Firmware by Wut
Version Range Affected
To
1.55
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_20ma_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed Poe 3X Isolated Firmware by Wut
Version Range Affected
To
1.55
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_poe_3x_isolated_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed Office 1Port Firmware by Wut
Version Range Affected
To
1.78
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_office_1port_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server \+\+ Firmware by Wut
Version Range Affected
To
1.55
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_\+\+_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed Industry Firmware by Wut
Version Range Affected
To
1.78
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_industry_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed 19\" 4Port Firmware by Wut
Version Range Affected
To
1.78
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_19\"_4port_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed Poe Firmware by Wut
Version Range Affected
To
1.78
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_poe_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed 100Baselx Firmware by Wut
Version Range Affected
To
1.78
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_100baselx_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed Compact Firmware by Wut
Version Range Affected
To
1.78
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_compact_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed Oem Firmware by Wut
Version Range Affected
To
1.78
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_oem_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Com-Server Highspeed 100Basefx Firmware by Wut
Version Range Affected
To
1.78
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:wut:com-server_highspeed_100basefx_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://cert.vde.com/en/advisories/VDE-2022-057/
https://cert.vde.com/en/advisories/VDE-2022-057/