CVE-2022-45139
Published: Feb 27, 2023
Modified: Mar 10, 2025
CVSS v3.1
5.3
Description
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.
| Vendor | Product | Versions |
|---|---|---|
WAGO | Compact Controller CC100 (751-9301) | affected FW16 - < FW22unaffected FW22 Patch 1affected FW23 |
WAGO | Edge Controller (752-8303/8000-002) | affected FW18 - < FW22unaffected FW22 Patch 1affected FW23 |
WAGO | PFC100 (750-81xx/xxx-xxx) | affected FW16 - < FW22unaffected FW22 Patch 1affected FW23 |
WAGO | PFC200 (750-82xx/xxx-xxx) | affected FW16 - < FW22unaffected FW22 Patch 1affected FW23 |
WAGO | Touch Panel 600 Advanced Line (762-5xxx) | affected FW16 - < FW22unaffected FW22 Patch 1affected FW23 |
WAGO | Touch Panel 600 Marine Line (762-6xxx) | affected FW16 - < FW22unaffected FW22 Patch 1affected FW23 |
WAGO | Touch Panel 600 Standard Line (762-4xxx) | affected FW16 - < FW22unaffected FW22 Patch 1affected FW23 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now