Lucene search

CERTVDECVELIST:CVE-2022-3843

HistoryFeb 16, 2023 - 2:58 p.m.

CVE-2022-3843 WAGO: Exposure of configuration interface in unmanaged switches

2023-02-1614:58:44

CWE-912

CERTVDE

www.cve.org

wago

unmanaged switch

configuration interface

remote attacker

system information

firmware vulnerability

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

71.4%

JSON

In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Unmanaged Switch 852-111/000-001",
    "vendor": "WAGO",
    "versions": [
      {
        "status": "affected",
        "version": "01"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2022-055/

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

71.4%

JSON

Related for CVELIST:CVE-2022-3843