CVE-2022-45138
Published: Feb 27, 2023
Modified: Mar 10, 2025
CVSS v3.1
9.8
Description
The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.
| Vendor | Product | Versions |
|---|---|---|
WAGO | Compact Controller CC100 (751-9301) | affected FW16 - < FW22unaffected FW22 Patch 1affected FW23 |
WAGO | Edge Controller (752-8303/8000-002) | affected FW18 - < FW22unaffected FW22 Patch 1affected FW23 |
WAGO | PFC100 (750-81xx/xxx-xxx) | affected FW16 - < FW22unaffected FW22 Patch 1affected FW23 |
WAGO | PFC200 (750-82xx/xxx-xxx) | affected FW16 - < FW22unaffected FW22 Patch 1affected FW23 |
WAGO | Touch Panel 600 Advanced Line (762-5xxx) | affected FW16 - < FW22unaffected FW22 Patch 1affected FW23 |
WAGO | Touch Panel 600 Marine Line (762-6xxx) | affected FW16 - < FW22unaffected FW22 Patch 1affected FW23 |
WAGO | Touch Panel 600 Standard Line (762-4xxx) | affected FW16 - < FW22unaffected FW22 Patch 1affected FW23 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now