CVE-2022-45139 : A CORS Misconfiguration in the web-based management allows a malicious third par

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.

Published 2023-02-27 15:15:11

Updated 2023-03-07 22:54:57

Source CERT VDE

View at NVD, CVE.org

Products affected by CVE-2022-45139

Wago » Pfc200 Firmware
Versions from including (>=) 16 and before (<) 22
cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » Pfc200 » Version: N/A
Wago » Pfc200 Firmware » Version: 22
cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:*
Matching versions
When used together with: Wago » Pfc200 » Version: N/A
Wago » Pfc200 Firmware » Version: 23
cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » Pfc200 » Version: N/A
Wago » Pfc100 Firmware
Versions from including (>=) 16 and before (<) 22
cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » Pfc100 » Version: N/A
Wago » Pfc100 Firmware » Version: 22
cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:*
Matching versions
When used together with: Wago » Pfc100 » Version: N/A
Wago » Pfc100 Firmware » Version: 23
cpe:2.3:o:wago:pfc100_firmware:23:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » Pfc100 » Version: N/A
Wago » Touch Panel 600 Standard Firmware
Versions from including (>=) 16 and before (<) 22
cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » Touch Panel 600 Standard » Version: N/A
Wago » Touch Panel 600 Standard Firmware » Version: 22
cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*
Matching versions
When used together with: Wago » Touch Panel 600 Standard » Version: N/A
Wago » Touch Panel 600 Standard Firmware » Version: 23
cpe:2.3:o:wago:touch_panel_600_standard_firmware:23:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » Touch Panel 600 Standard » Version: N/A
Wago » Touch Panel 600 Advanced Firmware
Versions from including (>=) 16 and before (<) 22
cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » Touch Panel 600 Advanced » Version: N/A
Wago » Touch Panel 600 Advanced Firmware » Version: 22
cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*
Matching versions
When used together with: Wago » Touch Panel 600 Advanced » Version: N/A
Wago » Touch Panel 600 Advanced Firmware » Version: 23
cpe:2.3:o:wago:touch_panel_600_advanced_firmware:23:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » Touch Panel 600 Advanced » Version: N/A
Wago » Touch Panel 600 Marine Firmware
Versions from including (>=) 16 and before (<) 22
cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » Touch Panel 600 Marine » Version: N/A
Wago » Touch Panel 600 Marine Firmware » Version: 22
cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*
Matching versions
When used together with: Wago » Touch Panel 600 Marine » Version: N/A
Wago » Touch Panel 600 Marine Firmware » Version: 23
cpe:2.3:o:wago:touch_panel_600_marine_firmware:23:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » Touch Panel 600 Marine » Version: N/A
Wago » 751-9301 Firmware
Versions from including (>=) 16 and before (<) 22
cpe:2.3:o:wago:751-9301_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » 751-9301 » Version: N/A
Wago » 751-9301 Firmware » Version: 22
cpe:2.3:o:wago:751-9301_firmware:22:-:*:*:*:*:*:*
Matching versions
When used together with: Wago » 751-9301 » Version: N/A
Wago » 751-9301 Firmware » Version: 23
cpe:2.3:o:wago:751-9301_firmware:23:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » 751-9301 » Version: N/A
Wago » 752-8303/8000-002 Firmware
Versions from including (>=) 18 and before (<) 22
cpe:2.3:o:wago:752-8303\/8000-002_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » 752-8303/8000-002 » Version: N/A
Wago » 752-8303/8000-002 Firmware » Version: 22
cpe:2.3:o:wago:752-8303\/8000-002_firmware:22:-:*:*:*:*:*:*
Matching versions
When used together with: Wago » 752-8303/8000-002 » Version: N/A
Wago » 752-8303/8000-002 Firmware » Version: 23
cpe:2.3:o:wago:752-8303\/8000-002_firmware:23:*:*:*:*:*:*:*
Matching versions
When used together with: Wago » 752-8303/8000-002 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-45139

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-45139

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	CERT VDE
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2022-45139

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.
Assigned by:
- info@cert.vde.com (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2022-45139

https://cert.vde.com/en/advisories/VDE-2022-060/

VDE-2022-060 | CERT@VDE
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-45139

Products affected by CVE-2022-45139

Exploit prediction scoring system (EPSS) score for CVE-2022-45139

CVSS scores for CVE-2022-45139

CWE ids for CVE-2022-45139

References for CVE-2022-45139