Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for com-server_highspeed_isolated_firmware by wut

    CVE-2022-4098 (GCVE-0-2022-4098)

    Vulnerability from nvd – Published: 2022-12-13 07:26 – Updated: 2025-04-14 18:12
    VLAI
    Title
    Wiesemann & Theis: Multiple products prone to missing authentication through spoofing
    Summary
    Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server ++ Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server LC Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Credits
    Wiesemann & Theis would like to thank Martin Weiß for responsibly disclosing this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-057/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4098",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T18:06:43.505209Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T18:12:33.668Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Wiesemann \u0026 Theis would like to thank Martin Wei\u00df for responsibly disclosing this vulnerability."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple Wiesemann\u0026amp;Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device."
                }
              ],
              "value": "Multiple Wiesemann\u0026Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-151",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-151 Identity Spoofing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T09:48:16.966Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-057/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-057",
            "defect": [
              "CERT@VDE#64297"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Wiesemann \u0026 Theis: Multiple products prone to missing authentication through spoofing",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-4098",
        "datePublished": "2022-12-13T07:26:17.752Z",
        "dateReserved": "2022-11-21T11:21:00.430Z",
        "dateUpdated": "2025-04-14T18:12:33.668Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42785 (GCVE-0-2022-42785)

    Vulnerability from nvd – Published: 2022-11-10 11:01 – Updated: 2025-05-01 19:02
    VLAI
    Title
    Wiesemann & Theis: Authentication bypass in Com-Server family
    Summary
    Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server LC Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server ++ Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis AT-Modem-Emulator Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Date Public
    2022-11-07 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:04.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T19:01:46.831217Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T19:02:00.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AT-Modem-Emulator",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2022-11-07T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple W\u0026amp;T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request."
                }
              ],
              "value": "Multiple W\u0026T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-15T20:43:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-043",
            "defect": [
              "CERT@VDE#64257"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wiesemann \u0026 Theis: Authentication bypass in Com-Server family",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-42785",
        "datePublished": "2022-11-10T11:01:41.011Z",
        "dateReserved": "2022-10-11T13:32:19.671Z",
        "dateUpdated": "2025-05-01T19:02:00.365Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42787 (GCVE-0-2022-42787)

    Vulnerability from nvd – Published: 2022-11-10 11:06 – Updated: 2025-05-01 19:01
    VLAI
    Title
    Wiesemann & Theis: Small number space for allocating session id in Com-Server family
    Summary
    Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-330 - Use of Insufficiently Random Values
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server LC Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server ++ Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis AT-Modem-Emulator Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Date Public
    2022-11-07 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:04.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de/advisories/VDE-2022-043"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T19:01:02.435905Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T19:01:20.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AT-Modem-Emulator",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2022-11-07T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple W\u0026amp;T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required."
                }
              ],
              "value": "Multiple W\u0026T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-330",
                  "description": "CWE-330 Use of Insufficiently Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-01T13:56:46.185Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/de/advisories/VDE-2022-043"
            }
          ],
          "source": {
            "advisory": "VDE-2022-043",
            "defect": [
              "CERT@VDE#64257"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wiesemann \u0026 Theis: Small number space for allocating session id in Com-Server family",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-42787",
        "datePublished": "2022-11-10T11:06:20.856Z",
        "dateReserved": "2022-10-11T13:32:19.672Z",
        "dateUpdated": "2025-05-01T19:01:20.740Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42786 (GCVE-0-2022-42786)

    Vulnerability from nvd – Published: 2022-11-10 11:02 – Updated: 2025-04-29 14:56
    VLAI
    Title
    Wiesemann & Theis: XSS vulnerability in web interface of the Com-Server family
    Summary
    Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server LC Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server ++ Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis AT-Modem-Emulator Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Date Public
    2022-11-07 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:04.411Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T14:56:37.167104Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T14:56:50.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AT-Modem-Emulator",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2022-11-07T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple W\u0026amp;T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage"
                }
              ],
              "value": "Multiple W\u0026T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-32",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-32 XSS Through HTTP Query Strings"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-16T08:53:50.333Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-043",
            "defect": [
              "CERT@VDE#64257"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wiesemann \u0026 Theis: XSS vulnerability in web interface of the Com-Server family",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-42786",
        "datePublished": "2022-11-10T11:02:32.615Z",
        "dateReserved": "2022-10-11T13:32:19.672Z",
        "dateUpdated": "2025-04-29T14:56:50.373Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4098 (GCVE-0-2022-4098)

    Vulnerability from cvelistv5 – Published: 2022-12-13 07:26 – Updated: 2025-04-14 18:12
    VLAI
    Title
    Wiesemann & Theis: Multiple products prone to missing authentication through spoofing
    Summary
    Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server ++ Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server LC Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Credits
    Wiesemann & Theis would like to thank Martin Weiß for responsibly disclosing this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-057/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4098",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T18:06:43.505209Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T18:12:33.668Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Wiesemann \u0026 Theis would like to thank Martin Wei\u00df for responsibly disclosing this vulnerability."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple Wiesemann\u0026amp;Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device."
                }
              ],
              "value": "Multiple Wiesemann\u0026Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-151",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-151 Identity Spoofing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T09:48:16.966Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-057/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-057",
            "defect": [
              "CERT@VDE#64297"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Wiesemann \u0026 Theis: Multiple products prone to missing authentication through spoofing",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-4098",
        "datePublished": "2022-12-13T07:26:17.752Z",
        "dateReserved": "2022-11-21T11:21:00.430Z",
        "dateUpdated": "2025-04-14T18:12:33.668Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42787 (GCVE-0-2022-42787)

    Vulnerability from cvelistv5 – Published: 2022-11-10 11:06 – Updated: 2025-05-01 19:01
    VLAI
    Title
    Wiesemann & Theis: Small number space for allocating session id in Com-Server family
    Summary
    Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-330 - Use of Insufficiently Random Values
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server LC Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server ++ Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis AT-Modem-Emulator Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Date Public
    2022-11-07 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:04.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de/advisories/VDE-2022-043"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T19:01:02.435905Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T19:01:20.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AT-Modem-Emulator",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2022-11-07T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple W\u0026amp;T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required."
                }
              ],
              "value": "Multiple W\u0026T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-330",
                  "description": "CWE-330 Use of Insufficiently Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-01T13:56:46.185Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/de/advisories/VDE-2022-043"
            }
          ],
          "source": {
            "advisory": "VDE-2022-043",
            "defect": [
              "CERT@VDE#64257"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wiesemann \u0026 Theis: Small number space for allocating session id in Com-Server family",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-42787",
        "datePublished": "2022-11-10T11:06:20.856Z",
        "dateReserved": "2022-10-11T13:32:19.672Z",
        "dateUpdated": "2025-05-01T19:01:20.740Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42786 (GCVE-0-2022-42786)

    Vulnerability from cvelistv5 – Published: 2022-11-10 11:02 – Updated: 2025-04-29 14:56
    VLAI
    Title
    Wiesemann & Theis: XSS vulnerability in web interface of the Com-Server family
    Summary
    Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server LC Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server ++ Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis AT-Modem-Emulator Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Date Public
    2022-11-07 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:04.411Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T14:56:37.167104Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T14:56:50.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AT-Modem-Emulator",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2022-11-07T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple W\u0026amp;T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage"
                }
              ],
              "value": "Multiple W\u0026T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-32",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-32 XSS Through HTTP Query Strings"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-16T08:53:50.333Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-043",
            "defect": [
              "CERT@VDE#64257"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wiesemann \u0026 Theis: XSS vulnerability in web interface of the Com-Server family",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-42786",
        "datePublished": "2022-11-10T11:02:32.615Z",
        "dateReserved": "2022-10-11T13:32:19.672Z",
        "dateUpdated": "2025-04-29T14:56:50.373Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42785 (GCVE-0-2022-42785)

    Vulnerability from cvelistv5 – Published: 2022-11-10 11:01 – Updated: 2025-05-01 19:02
    VLAI
    Title
    Wiesemann & Theis: Authentication bypass in Com-Server family
    Summary
    Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server LC Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server ++ Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis AT-Modem-Emulator Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Date Public
    2022-11-07 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:04.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T19:01:46.831217Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T19:02:00.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AT-Modem-Emulator",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2022-11-07T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple W\u0026amp;T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request."
                }
              ],
              "value": "Multiple W\u0026T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-15T20:43:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-043",
            "defect": [
              "CERT@VDE#64257"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wiesemann \u0026 Theis: Authentication bypass in Com-Server family",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-42785",
        "datePublished": "2022-11-10T11:01:41.011Z",
        "dateReserved": "2022-10-11T13:32:19.671Z",
        "dateUpdated": "2025-05-01T19:02:00.365Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }