Search

Find a vulnerability

Search criteria

    14 vulnerabilities by Wiesemann & Theis

    CVE-2025-41689 (GCVE-0-2025-41689)

    Vulnerability from nvd – Published: 2025-08-19 08:07 – Updated: 2025-08-25 09:23
    VLAI
    Title
    Wiesemann & Theis: Motherbox 3 allows unauthenticated read-only DB access
    Summary
    An unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Motherbox 3 Affected: 1.44 , ≤ 1.48 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41689",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-19T13:19:50.266596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-19T13:19:55.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Motherbox 3",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThanOrEqual": "1.48",
                  "status": "affected",
                  "version": "1.44",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-25T09:23:13.175Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-067"
            }
          ],
          "source": {
            "advisory": "VDE-2025-67",
            "defect": [
              "CERT@VDE#641832"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Wiesemann \u0026 Theis: Motherbox 3 allows unauthenticated read-only DB access",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41689",
        "datePublished": "2025-08-19T08:07:01.652Z",
        "dateReserved": "2025-04-16T11:17:48.309Z",
        "dateUpdated": "2025-08-25T09:23:13.175Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3020 (GCVE-0-2025-3020)

    Vulnerability from nvd – Published: 2025-05-06 08:01 – Updated: 2025-05-06 13:52
    VLAI
    Title
    Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting
    Summary
    An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis ERP-Gateway 12x Digital Input, 6x Digital Relais Affected: all
    Create a notification for this product.
    Wiesemann & Theis ERP-Gateway 2x Digital Input, 2x Digital Output Affected: all
    Create a notification for this product.
    Wiesemann & Theis ERP-Gateway 2x Digital PoE Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Alarm 6x6 DigitalWeb-Alarm 6x6 Digital Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Count 6x Digital Affected: 0 , < 3.79 (semver)
    Create a notification for this product.
    Wiesemann & Theis Web-Graph Air Quality Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-IO 12x Digital Input, 6x Digital Relais Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-IO Analog-In/Out 2x 0/4..20mA PoE Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-IO Digital 12xIn, 12xOut Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-IO Digital 12xIn, 12xOut Affected: 0 , < 4.08 (semver)
    Create a notification for this product.
    Wiesemann & Theis Web-IO Digital 12xIn, 12xOut, 1xRS232 Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-IO Digital 2xIn, 2xOut Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-IO Digital Logger 6xIn, 6xOut Affected: 0 , < 3.70 (semver)
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph 2x Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph 8x Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph NTC Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph NTC PoE Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph Pt100 / Pt1000 Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph Pt100 / Pt1000 PoE Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph Relais Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermo-Hygrobarograph Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermo-Hygrograph Affected: all
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-06T13:52:10.556193Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-06T13:52:19.548Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ERP-Gateway 12x Digital Input, 6x Digital Relais",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ERP-Gateway 2x Digital Input, 2x Digital Output",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ERP-Gateway 2x Digital PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Alarm 6x6 DigitalWeb-Alarm 6x6 Digital",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Count 6x Digital",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "3.79",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Graph Air Quality",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO 12x Digital Input, 6x Digital Relais",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO 12x Digital Input, 6x Digital Relais",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO 12x Digital Input, 6x Digital Relais",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Analog-In/Out 2x 0/4..20mA PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 12xIn, 12xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 12xIn, 12xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 12xIn, 12xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "4.08",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 12xIn, 12xOut, 1xRS232",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 12xIn, 12xOut, 1xRS232",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 2xIn, 2xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 2xIn, 2xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 2xIn, 2xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital Logger 6xIn, 6xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "3.70",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph 2x",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph 8x",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph NTC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph NTC PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph Pt100 / Pt1000",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph Pt100 / Pt1000 PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph Relais",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermo-Hygrobarograph",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermo-Hygrograph",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.\u003cbr\u003e"
                }
              ],
              "value": "An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-06T08:01:58.965Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2025-032"
            }
          ],
          "source": {
            "advisory": "VDE-2025-032",
            "defect": [
              "CERT@VDE#641768"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Wiesemann \u0026 Theis: Multiple W\u0026T Products are vulnerable to cross-site-scripting",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-3020",
        "datePublished": "2025-05-06T08:01:58.965Z",
        "dateReserved": "2025-03-31T06:31:36.670Z",
        "dateUpdated": "2025-05-06T13:52:19.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3200 (GCVE-0-2025-3200)

    Vulnerability from nvd – Published: 2025-04-28 09:37 – Updated: 2025-04-28 12:23
    VLAI
    Title
    Com-Server Exposed via Weak TLS
    Summary
    An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3200",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-28T12:23:16.928439Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-28T12:23:31.446Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.60",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.60",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.60",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.60",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.60",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-28T09:37:03.936Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-031/"
            }
          ],
          "source": {
            "advisory": "VDE-2025-031",
            "defect": [
              "CERT@VDE#641767"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Com-Server Exposed via Weak TLS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-3200",
        "datePublished": "2025-04-28T09:37:02.366Z",
        "dateReserved": "2025-04-03T12:24:49.808Z",
        "dateUpdated": "2025-04-28T12:23:31.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4098 (GCVE-0-2022-4098)

    Vulnerability from nvd – Published: 2022-12-13 07:26 – Updated: 2025-04-14 18:12
    VLAI
    Title
    Wiesemann & Theis: Multiple products prone to missing authentication through spoofing
    Summary
    Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server ++ Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server LC Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Credits
    Wiesemann & Theis would like to thank Martin Weiß for responsibly disclosing this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-057/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4098",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T18:06:43.505209Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T18:12:33.668Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Wiesemann \u0026 Theis would like to thank Martin Wei\u00df for responsibly disclosing this vulnerability."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple Wiesemann\u0026amp;Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device."
                }
              ],
              "value": "Multiple Wiesemann\u0026Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-151",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-151 Identity Spoofing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T09:48:16.966Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-057/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-057",
            "defect": [
              "CERT@VDE#64297"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Wiesemann \u0026 Theis: Multiple products prone to missing authentication through spoofing",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-4098",
        "datePublished": "2022-12-13T07:26:17.752Z",
        "dateReserved": "2022-11-21T11:21:00.430Z",
        "dateUpdated": "2025-04-14T18:12:33.668Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42785 (GCVE-0-2022-42785)

    Vulnerability from nvd – Published: 2022-11-10 11:01 – Updated: 2025-05-01 19:02
    VLAI
    Title
    Wiesemann & Theis: Authentication bypass in Com-Server family
    Summary
    Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server LC Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server ++ Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis AT-Modem-Emulator Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Date Public
    2022-11-07 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:04.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T19:01:46.831217Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T19:02:00.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AT-Modem-Emulator",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2022-11-07T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple W\u0026amp;T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request."
                }
              ],
              "value": "Multiple W\u0026T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-15T20:43:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-043",
            "defect": [
              "CERT@VDE#64257"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wiesemann \u0026 Theis: Authentication bypass in Com-Server family",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-42785",
        "datePublished": "2022-11-10T11:01:41.011Z",
        "dateReserved": "2022-10-11T13:32:19.671Z",
        "dateUpdated": "2025-05-01T19:02:00.365Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42787 (GCVE-0-2022-42787)

    Vulnerability from nvd – Published: 2022-11-10 11:06 – Updated: 2025-05-01 19:01
    VLAI
    Title
    Wiesemann & Theis: Small number space for allocating session id in Com-Server family
    Summary
    Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-330 - Use of Insufficiently Random Values
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server LC Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server ++ Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis AT-Modem-Emulator Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Date Public
    2022-11-07 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:04.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de/advisories/VDE-2022-043"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T19:01:02.435905Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T19:01:20.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AT-Modem-Emulator",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2022-11-07T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple W\u0026amp;T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required."
                }
              ],
              "value": "Multiple W\u0026T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-330",
                  "description": "CWE-330 Use of Insufficiently Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-01T13:56:46.185Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/de/advisories/VDE-2022-043"
            }
          ],
          "source": {
            "advisory": "VDE-2022-043",
            "defect": [
              "CERT@VDE#64257"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wiesemann \u0026 Theis: Small number space for allocating session id in Com-Server family",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-42787",
        "datePublished": "2022-11-10T11:06:20.856Z",
        "dateReserved": "2022-10-11T13:32:19.672Z",
        "dateUpdated": "2025-05-01T19:01:20.740Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42786 (GCVE-0-2022-42786)

    Vulnerability from nvd – Published: 2022-11-10 11:02 – Updated: 2025-04-29 14:56
    VLAI
    Title
    Wiesemann & Theis: XSS vulnerability in web interface of the Com-Server family
    Summary
    Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server LC Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server ++ Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis AT-Modem-Emulator Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Date Public
    2022-11-07 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:04.411Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T14:56:37.167104Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T14:56:50.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AT-Modem-Emulator",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2022-11-07T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple W\u0026amp;T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage"
                }
              ],
              "value": "Multiple W\u0026T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-32",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-32 XSS Through HTTP Query Strings"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-16T08:53:50.333Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-043",
            "defect": [
              "CERT@VDE#64257"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wiesemann \u0026 Theis: XSS vulnerability in web interface of the Com-Server family",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-42786",
        "datePublished": "2022-11-10T11:02:32.615Z",
        "dateReserved": "2022-10-11T13:32:19.672Z",
        "dateUpdated": "2025-04-29T14:56:50.373Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41689 (GCVE-0-2025-41689)

    Vulnerability from cvelistv5 – Published: 2025-08-19 08:07 – Updated: 2025-08-25 09:23
    VLAI
    Title
    Wiesemann & Theis: Motherbox 3 allows unauthenticated read-only DB access
    Summary
    An unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Motherbox 3 Affected: 1.44 , ≤ 1.48 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41689",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-19T13:19:50.266596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-19T13:19:55.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Motherbox 3",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThanOrEqual": "1.48",
                  "status": "affected",
                  "version": "1.44",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-25T09:23:13.175Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-067"
            }
          ],
          "source": {
            "advisory": "VDE-2025-67",
            "defect": [
              "CERT@VDE#641832"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Wiesemann \u0026 Theis: Motherbox 3 allows unauthenticated read-only DB access",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41689",
        "datePublished": "2025-08-19T08:07:01.652Z",
        "dateReserved": "2025-04-16T11:17:48.309Z",
        "dateUpdated": "2025-08-25T09:23:13.175Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3020 (GCVE-0-2025-3020)

    Vulnerability from cvelistv5 – Published: 2025-05-06 08:01 – Updated: 2025-05-06 13:52
    VLAI
    Title
    Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting
    Summary
    An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis ERP-Gateway 12x Digital Input, 6x Digital Relais Affected: all
    Create a notification for this product.
    Wiesemann & Theis ERP-Gateway 2x Digital Input, 2x Digital Output Affected: all
    Create a notification for this product.
    Wiesemann & Theis ERP-Gateway 2x Digital PoE Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Alarm 6x6 DigitalWeb-Alarm 6x6 Digital Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Count 6x Digital Affected: 0 , < 3.79 (semver)
    Create a notification for this product.
    Wiesemann & Theis Web-Graph Air Quality Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-IO 12x Digital Input, 6x Digital Relais Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-IO Analog-In/Out 2x 0/4..20mA PoE Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-IO Digital 12xIn, 12xOut Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-IO Digital 12xIn, 12xOut Affected: 0 , < 4.08 (semver)
    Create a notification for this product.
    Wiesemann & Theis Web-IO Digital 12xIn, 12xOut, 1xRS232 Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-IO Digital 2xIn, 2xOut Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-IO Digital Logger 6xIn, 6xOut Affected: 0 , < 3.70 (semver)
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph 2x Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph 8x Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph NTC Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph NTC PoE Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph Pt100 / Pt1000 Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph Pt100 / Pt1000 PoE Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermograph Relais Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermo-Hygrobarograph Affected: all
    Create a notification for this product.
    Wiesemann & Theis Web-Thermo-Hygrograph Affected: all
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-06T13:52:10.556193Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-06T13:52:19.548Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ERP-Gateway 12x Digital Input, 6x Digital Relais",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ERP-Gateway 2x Digital Input, 2x Digital Output",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ERP-Gateway 2x Digital PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Alarm 6x6 DigitalWeb-Alarm 6x6 Digital",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Count 6x Digital",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "3.79",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Graph Air Quality",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO 12x Digital Input, 6x Digital Relais",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO 12x Digital Input, 6x Digital Relais",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO 12x Digital Input, 6x Digital Relais",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Analog-In/Out 2x 0/4..20mA PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 12xIn, 12xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 12xIn, 12xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 12xIn, 12xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "4.08",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 12xIn, 12xOut, 1xRS232",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 12xIn, 12xOut, 1xRS232",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 2xIn, 2xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 2xIn, 2xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital 2xIn, 2xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-IO Digital Logger 6xIn, 6xOut",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "3.70",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph 2x",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph 8x",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph NTC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph NTC PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph Pt100 / Pt1000",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph Pt100 / Pt1000 PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermograph Relais",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermo-Hygrobarograph",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web-Thermo-Hygrograph",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.\u003cbr\u003e"
                }
              ],
              "value": "An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-06T08:01:58.965Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2025-032"
            }
          ],
          "source": {
            "advisory": "VDE-2025-032",
            "defect": [
              "CERT@VDE#641768"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Wiesemann \u0026 Theis: Multiple W\u0026T Products are vulnerable to cross-site-scripting",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-3020",
        "datePublished": "2025-05-06T08:01:58.965Z",
        "dateReserved": "2025-03-31T06:31:36.670Z",
        "dateUpdated": "2025-05-06T13:52:19.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3200 (GCVE-0-2025-3200)

    Vulnerability from cvelistv5 – Published: 2025-04-28 09:37 – Updated: 2025-04-28 12:23
    VLAI
    Title
    Com-Server Exposed via Weak TLS
    Summary
    An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3200",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-28T12:23:16.928439Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-28T12:23:31.446Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.60",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.60",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.60",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.60",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.60",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-28T09:37:03.936Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-031/"
            }
          ],
          "source": {
            "advisory": "VDE-2025-031",
            "defect": [
              "CERT@VDE#641767"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Com-Server Exposed via Weak TLS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-3200",
        "datePublished": "2025-04-28T09:37:02.366Z",
        "dateReserved": "2025-04-03T12:24:49.808Z",
        "dateUpdated": "2025-04-28T12:23:31.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4098 (GCVE-0-2022-4098)

    Vulnerability from cvelistv5 – Published: 2022-12-13 07:26 – Updated: 2025-04-14 18:12
    VLAI
    Title
    Wiesemann & Theis: Multiple products prone to missing authentication through spoofing
    Summary
    Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server ++ Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 0 , < 1.78 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server LC Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 0 , < 1.55 (semver)
    Create a notification for this product.
    Credits
    Wiesemann & Theis would like to thank Martin Weiß for responsibly disclosing this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-057/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4098",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T18:06:43.505209Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T18:12:33.668Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.78",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.55",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Wiesemann \u0026 Theis would like to thank Martin Wei\u00df for responsibly disclosing this vulnerability."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple Wiesemann\u0026amp;Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device."
                }
              ],
              "value": "Multiple Wiesemann\u0026Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-151",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-151 Identity Spoofing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T09:48:16.966Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-057/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-057",
            "defect": [
              "CERT@VDE#64297"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Wiesemann \u0026 Theis: Multiple products prone to missing authentication through spoofing",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-4098",
        "datePublished": "2022-12-13T07:26:17.752Z",
        "dateReserved": "2022-11-21T11:21:00.430Z",
        "dateUpdated": "2025-04-14T18:12:33.668Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42787 (GCVE-0-2022-42787)

    Vulnerability from cvelistv5 – Published: 2022-11-10 11:06 – Updated: 2025-05-01 19:01
    VLAI
    Title
    Wiesemann & Theis: Small number space for allocating session id in Com-Server family
    Summary
    Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-330 - Use of Insufficiently Random Values
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server LC Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server ++ Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis AT-Modem-Emulator Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Date Public
    2022-11-07 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:04.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de/advisories/VDE-2022-043"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T19:01:02.435905Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T19:01:20.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AT-Modem-Emulator",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2022-11-07T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple W\u0026amp;T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required."
                }
              ],
              "value": "Multiple W\u0026T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-330",
                  "description": "CWE-330 Use of Insufficiently Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-01T13:56:46.185Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/de/advisories/VDE-2022-043"
            }
          ],
          "source": {
            "advisory": "VDE-2022-043",
            "defect": [
              "CERT@VDE#64257"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wiesemann \u0026 Theis: Small number space for allocating session id in Com-Server family",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-42787",
        "datePublished": "2022-11-10T11:06:20.856Z",
        "dateReserved": "2022-10-11T13:32:19.672Z",
        "dateUpdated": "2025-05-01T19:01:20.740Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42786 (GCVE-0-2022-42786)

    Vulnerability from cvelistv5 – Published: 2022-11-10 11:02 – Updated: 2025-04-29 14:56
    VLAI
    Title
    Wiesemann & Theis: XSS vulnerability in web interface of the Com-Server family
    Summary
    Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server LC Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server ++ Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis AT-Modem-Emulator Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Date Public
    2022-11-07 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:04.411Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T14:56:37.167104Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T14:56:50.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AT-Modem-Emulator",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2022-11-07T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple W\u0026amp;T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage"
                }
              ],
              "value": "Multiple W\u0026T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-32",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-32 XSS Through HTTP Query Strings"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-16T08:53:50.333Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-043",
            "defect": [
              "CERT@VDE#64257"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wiesemann \u0026 Theis: XSS vulnerability in web interface of the Com-Server family",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-42786",
        "datePublished": "2022-11-10T11:02:32.615Z",
        "dateReserved": "2022-10-11T13:32:19.672Z",
        "dateUpdated": "2025-04-29T14:56:50.373Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42785 (GCVE-0-2022-42785)

    Vulnerability from cvelistv5 – Published: 2022-11-10 11:01 – Updated: 2025-05-01 19:02
    VLAI
    Title
    Wiesemann & Theis: Authentication bypass in Com-Server family
    Summary
    Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Wiesemann & Theis Com-Server LC Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server PoE 3 x Isolated Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server 20mA Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server ++ Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis AT-Modem-Emulator Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server UL Affected: 1.0 , < 1.48 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseFX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 100BaseLX Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 1 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Office 4 Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Industry Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed OEM Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Compact Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed Isolated Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 1Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed 19" 4Port Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Wiesemann & Theis Com-Server Highspeed PoE Affected: 1.0 , < 1.76 (semver)
    Create a notification for this product.
    Date Public
    2022-11-07 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:19:04.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T19:01:46.831217Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T19:02:00.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server LC",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server PoE 3 x Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server 20mA",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server ++",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AT-Modem-Emulator",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server UL",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.48",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseFX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 100BaseLX",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 1 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Office 4 Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Industry",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed OEM",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Compact",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed Isolated",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 1Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed 19\" 4Port",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Com-Server Highspeed PoE",
              "vendor": "Wiesemann \u0026 Theis",
              "versions": [
                {
                  "lessThan": "1.76",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2022-11-07T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple W\u0026amp;T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request."
                }
              ],
              "value": "Multiple W\u0026T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-15T20:43:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/de/advisories/VDE-2022-043/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-043",
            "defect": [
              "CERT@VDE#64257"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Wiesemann \u0026 Theis: Authentication bypass in Com-Server family",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-42785",
        "datePublished": "2022-11-10T11:01:41.011Z",
        "dateReserved": "2022-10-11T13:32:19.671Z",
        "dateUpdated": "2025-05-01T19:02:00.365Z",
        "requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }