VDE-2022-043

Vulnerability from csaf_wiesemanntheisgmbh - Published: 2022-11-07 11:43 - Updated: 2022-11-07 12:14
Summary
Wiesemann & Theis: Multiple Vulnerabilities in the Com-Server Family
Notes
Summary: Multiple Wiesemann & Theis product families are affected by multiple vulnerabilities in the web interface.
Impact: See CVEs for further details.
Remediation:
- Update Com-Server Family to version 1.48 or higher.
- Update the Com-Server Highspeed Family to version 1.76 or higher.

Multiple W&T products of the Com-Server series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET request.

CWE-306 - Missing Authentication for Critical Function
Vendor Fix:
- Update Com-Server Family to version 1.48 or higher.
- Update the Com-Server Highspeed Family to version 1.76 or higher.
Affected products
| Product | Identifier | Version | Remediation |
| AT-Modem-Emulator <1.48 (Wiesemann & Theis / Software / AT-Modem-Emulator) | 58666 | <1.48 | |
| Com-Server ++ <1.48 (Wiesemann & Theis / Software / Com-Server ++) | 58665 | <1.48 | |
| Com-Server 20mA <1.48 (Wiesemann & Theis / Software / Com-Server 20mA) | 58664 | <1.48 | |
| Com-Server Highspeed 100BaseFX <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 100BaseFX) | 58651 | <1.76 | |
| Com-Server Highspeed 100BaseLX <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 100BaseLX) | 58652 | <1.76 | |
| Com-Server Highspeed 19" 1Port <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 19" 1Port) | 58331 | <1.76 | |
| Com-Server Highspeed 19" 4Port <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 19" 4Port) | 58334 | <1.76 | |
| Com-Server Highspeed Compact <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Compact) | 58231 | <1.76 | |
| Com-Server Highspeed Industry <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Industry) | 58631 | <1.76 | |
| Com-Server Highspeed Isolated <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Isolated) | 58633 | <1.76 | |
| Com-Server Highspeed OEM <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed OEM) | 58431 | <1.76 | |
| Com-Server Highspeed Office 1 Port <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Office 1 Port) | 58031 | <1.76 | |
| Com-Server Highspeed Office 4 Port <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Office 4 Port) | 58034 | <1.76 | |
| Com-Server Highspeed PoE <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed PoE) | 58641 | <1.76 | |
| Com-Server LC <1.48 (Wiesemann & Theis / Software / Com-Server LC) | 58661 | <1.48 | |
| Com-Server PoE 3 x Isolated <1.48 (Wiesemann & Theis / Software / Com-Server PoE 3 x Isolated) | 58662 | <1.48 | |
| Com-Server UL <1.48 (Wiesemann & Theis / Software / Com-Server UL) | 58669 | <1.48 | |
Fixed products
| Product | Identifier | Version | Remediation |
| AT-Modem-Emulator 1.48 (Wiesemann & Theis / Software / AT-Modem-Emulator) | | 1.48 | |
| Com-Server ++ 1.48 (Wiesemann & Theis / Software / Com-Server ++) | | 1.48 | |
| Com-Server 20mA 1.48 (Wiesemann & Theis / Software / Com-Server 20mA) | | 1.48 | |
| Com-Server Highspeed 100BaseFX 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 100BaseFX) | | 1.76 | |
| Com-Server Highspeed 100BaseLX 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 100BaseLX) | | 1.76 | |
| Com-Server Highspeed 19" 1Port 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 19" 1Port) | | 1.76 | |
| Com-Server Highspeed 19" 4Port 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 19" 4Port) | | 1.76 | |
| Com-Server Highspeed Compact 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Compact) | | 1.76 | |
| Com-Server Highspeed Industry 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Industry) | | | |
| Com-Server Highspeed Isolated 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Isolated) | | | |
| Com-Server Highspeed OEM 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed OEM) | | | |
| Com-Server Highspeed Office 1 Port 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Office 1 Port) | | 1.76 | |
| Com-Server Highspeed Office 4 Port 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Office 4 Port) | | 1.76 | |
| Com-Server Highspeed PoE 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed PoE) | | 1.76 | |
| Com-Server LC 1.48 (Wiesemann & Theis / Software / Com-Server LC) | | 1.48 | |
| Com-Server PoE 3 x Isolated 1.48 (Wiesemann & Theis / Software / Com-Server PoE 3 x Isolated) | | 1.48 | |
| Com-Server UL 1.48 (Wiesemann & Theis / Software / Com-Server UL) | | 1.48 | |

Multiple W&T products of the Com-Server series use a small number space for allocating session IDs. After a user logs in, an unauthenticated remote attacker can brute-force the user's session ID and gain access to the user's account on the device.

CWE-334 - Small Space of Random Values
Vendor Fix:
- Update Com-Server Family to version 1.48 or higher.
- Update the Com-Server Highspeed Family to version 1.76 or higher.
Affected products
| Product | Identifier | Version | Remediation |
| AT-Modem-Emulator <1.48 (Wiesemann & Theis / Software / AT-Modem-Emulator) | 58666 | <1.48 | |
| Com-Server ++ <1.48 (Wiesemann & Theis / Software / Com-Server ++) | 58665 | <1.48 | |
| Com-Server 20mA <1.48 (Wiesemann & Theis / Software / Com-Server 20mA) | 58664 | <1.48 | |
| Com-Server Highspeed 100BaseFX <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 100BaseFX) | 58651 | <1.76 | |
| Com-Server Highspeed 100BaseLX <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 100BaseLX) | 58652 | <1.76 | |
| Com-Server Highspeed 19" 1Port <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 19" 1Port) | 58331 | <1.76 | |
| Com-Server Highspeed 19" 4Port <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 19" 4Port) | 58334 | <1.76 | |
| Com-Server Highspeed Compact <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Compact) | 58231 | <1.76 | |
| Com-Server Highspeed Industry <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Industry) | 58631 | <1.76 | |
| Com-Server Highspeed Isolated <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Isolated) | 58633 | <1.76 | |
| Com-Server Highspeed OEM <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed OEM) | 58431 | <1.76 | |
| Com-Server Highspeed Office 1 Port <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Office 1 Port) | 58031 | <1.76 | |
| Com-Server Highspeed Office 4 Port <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Office 4 Port) | 58034 | <1.76 | |
| Com-Server Highspeed PoE <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed PoE) | 58641 | <1.76 | |
| Com-Server LC <1.48 (Wiesemann & Theis / Software / Com-Server LC) | 58661 | <1.48 | |
| Com-Server PoE 3 x Isolated <1.48 (Wiesemann & Theis / Software / Com-Server PoE 3 x Isolated) | 58662 | <1.48 | |
| Com-Server UL <1.48 (Wiesemann & Theis / Software / Com-Server UL) | 58669 | <1.48 | |
Fixed products
| Product | Identifier | Version | Remediation |
| AT-Modem-Emulator 1.48 (Wiesemann & Theis / Software / AT-Modem-Emulator) | | 1.48 | |
| Com-Server ++ 1.48 (Wiesemann & Theis / Software / Com-Server ++) | | 1.48 | |
| Com-Server 20mA 1.48 (Wiesemann & Theis / Software / Com-Server 20mA) | | 1.48 | |
| Com-Server Highspeed 100BaseFX 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 100BaseFX) | | 1.76 | |
| Com-Server Highspeed 100BaseLX 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 100BaseLX) | | 1.76 | |
| Com-Server Highspeed 19" 1Port 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 19" 1Port) | | 1.76 | |
| Com-Server Highspeed 19" 4Port 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 19" 4Port) | | 1.76 | |
| Com-Server Highspeed Compact 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Compact) | | 1.76 | |
| Com-Server Highspeed Industry 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Industry) | | | |
| Com-Server Highspeed Isolated 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Isolated) | | | |
| Com-Server Highspeed OEM 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed OEM) | | | |
| Com-Server Highspeed Office 1 Port 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Office 1 Port) | | 1.76 | |
| Com-Server Highspeed Office 4 Port 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Office 4 Port) | | 1.76 | |
| Com-Server Highspeed PoE 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed PoE) | | 1.76 | |
| Com-Server LC 1.48 (Wiesemann & Theis / Software / Com-Server LC) | | 1.48 | |
| Com-Server PoE 3 x Isolated 1.48 (Wiesemann & Theis / Software / Com-Server PoE 3 x Isolated) | | 1.48 | |
| Com-Server UL 1.48 (Wiesemann & Theis / Software / Com-Server UL) | | 1.48 | |

Multiple W&T products of the Com-Server series are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vendor Fix:
- Update Com-Server Family to version 1.48 or higher.
- Update the Com-Server Highspeed Family to version 1.76 or higher.
Affected products
| Product | Identifier | Version | Remediation |
| AT-Modem-Emulator <1.48 (Wiesemann & Theis / Software / AT-Modem-Emulator) | 58666 | <1.48 | |
| Com-Server ++ <1.48 (Wiesemann & Theis / Software / Com-Server ++) | 58665 | <1.48 | |
| Com-Server 20mA <1.48 (Wiesemann & Theis / Software / Com-Server 20mA) | 58664 | <1.48 | |
| Com-Server Highspeed 100BaseFX <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 100BaseFX) | 58651 | <1.76 | |
| Com-Server Highspeed 100BaseLX <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 100BaseLX) | 58652 | <1.76 | |
| Com-Server Highspeed 19" 1Port <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 19" 1Port) | 58331 | <1.76 | |
| Com-Server Highspeed 19" 4Port <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 19" 4Port) | 58334 | <1.76 | |
| Com-Server Highspeed Compact <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Compact) | 58231 | <1.76 | |
| Com-Server Highspeed Industry <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Industry) | 58631 | <1.76 | |
| Com-Server Highspeed Isolated <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Isolated) | 58633 | <1.76 | |
| Com-Server Highspeed OEM <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed OEM) | 58431 | <1.76 | |
| Com-Server Highspeed Office 1 Port <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Office 1 Port) | 58031 | <1.76 | |
| Com-Server Highspeed Office 4 Port <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Office 4 Port) | 58034 | <1.76 | |
| Com-Server Highspeed PoE <1.76 (Wiesemann & Theis / Software / Com-Server Highspeed PoE) | 58641 | <1.76 | |
| Com-Server LC <1.48 (Wiesemann & Theis / Software / Com-Server LC) | 58661 | <1.48 | |
| Com-Server PoE 3 x Isolated <1.48 (Wiesemann & Theis / Software / Com-Server PoE 3 x Isolated) | 58662 | <1.48 | |
| Com-Server UL <1.48 (Wiesemann & Theis / Software / Com-Server UL) | 58669 | <1.48 | |
Fixed products
| Product | Identifier | Version | Remediation |
| AT-Modem-Emulator 1.48 (Wiesemann & Theis / Software / AT-Modem-Emulator) | | 1.48 | |
| Com-Server ++ 1.48 (Wiesemann & Theis / Software / Com-Server ++) | | 1.48 | |
| Com-Server 20mA 1.48 (Wiesemann & Theis / Software / Com-Server 20mA) | | 1.48 | |
| Com-Server Highspeed 100BaseFX 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 100BaseFX) | | 1.76 | |
| Com-Server Highspeed 100BaseLX 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 100BaseLX) | | 1.76 | |
| Com-Server Highspeed 19" 1Port 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 19" 1Port) | | 1.76 | |
| Com-Server Highspeed 19" 4Port 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed 19" 4Port) | | 1.76 | |
| Com-Server Highspeed Compact 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Compact) | | 1.76 | |
| Com-Server Highspeed Industry 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Industry) | | | |
| Com-Server Highspeed Isolated 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Isolated) | | | |
| Com-Server Highspeed OEM 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed OEM) | | | |
| Com-Server Highspeed Office 1 Port 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Office 1 Port) | | 1.76 | |
| Com-Server Highspeed Office 4 Port 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed Office 4 Port) | | 1.76 | |
| Com-Server Highspeed PoE 1.76 (Wiesemann & Theis / Software / Com-Server Highspeed PoE) | | 1.76 | |
| Com-Server LC 1.48 (Wiesemann & Theis / Software / Com-Server LC) | | 1.48 | |
| Com-Server PoE 3 x Isolated 1.48 (Wiesemann & Theis / Software / Com-Server PoE 3 x Isolated) | | 1.48 | |
| Com-Server UL 1.48 (Wiesemann & Theis / Software / Com-Server UL) | | 1.48 | |
Acknowledgments
CERT@VDE

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple Wiesemann \u0026 Theis product families are affected by multiple vulnerabilities in the web interface.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "See CVEs for further details.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "- Update Com-Server Family to version 1.48 or higher.\n\n- Update the Com-Server Highspeed Family to version 1.76 or higher.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@wut.de",
      "name": "Wiesemann \u0026 Theis GmbH",
      "namespace": "https://www.wut.de"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Wiesemann \u0026 Theis GmbH",
        "url": "https://certvde.com/en/advisories/vendor/wut/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-043: Wiesemann \u0026 Theis: Multiple Vulnerabilities in the Com-Server Family - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2022-043/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-043: Wiesemann \u0026 Theis: Multiple Vulnerabilities in the Com-Server Family - CSAF",
        "url": "https://wut.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-043.json"
      }
    ],
    "title": "Wiesemann \u0026 Theis: Multiple Vulnerabilities in the Com-Server Family",
    "tracking": {
      "aliases": [
        "VDE-2022-043"
      ],
      "current_release_date": "2022-11-07T12:14:00.000Z",
      "generator": {
        "date": "2025-03-31T13:58:09.183Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.22"
        }
      },
      "id": "VDE-2022-043",
      "initial_release_date": "2022-11-07T11:43:00.000Z",
      "revision_history": [
        {
          "date": "2022-11-07T12:14:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.48",
                    "product": {
                      "name": "AT-Modem-Emulator \u003c1.48",
                      "product_id": "CSAFPID-51001",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58666"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.48",
                    "product": {
                      "name": "AT-Modem-Emulator 1.48",
                      "product_id": "CSAFPID-52001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "AT-Modem-Emulator"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.48",
                    "product": {
                      "name": "Com-Server ++ \u003c1.48",
                      "product_id": "CSAFPID-51002",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58665"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.48",
                    "product": {
                      "name": "Com-Server ++ 1.48",
                      "product_id": "CSAFPID-52002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server ++"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.48",
                    "product": {
                      "name": "Com-Server 20mA \u003c1.48",
                      "product_id": "CSAFPID-51003",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58664"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.48",
                    "product": {
                      "name": "Com-Server 20mA 1.48",
                      "product_id": "CSAFPID-52003"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server 20mA"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.76",
                    "product": {
                      "name": "Com-Server Highspeed 100BaseFX \u003c1.76",
                      "product_id": "CSAFPID-51004",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58651"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.76",
                    "product": {
                      "name": "Com-Server Highspeed 100BaseFX 1.76",
                      "product_id": "CSAFPID-52004"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server Highspeed 100BaseFX"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.76",
                    "product": {
                      "name": "Com-Server Highspeed 100BaseLX \u003c1.76",
                      "product_id": "CSAFPID-51005",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58652"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.76",
                    "product": {
                      "name": "Com-Server Highspeed 100BaseLX 1.76",
                      "product_id": "CSAFPID-52005"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server Highspeed 100BaseLX"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.76",
                    "product": {
                      "name": "Com-Server Highspeed 19\" 1Port \u003c1.76",
                      "product_id": "CSAFPID-51006",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58331"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.76",
                    "product": {
                      "name": "Com-Server Highspeed 19\" 1Port 1.76",
                      "product_id": "CSAFPID-52006"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server Highspeed 19\" 1Port"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.76",
                    "product": {
                      "name": "Com-Server Highspeed 19\" 4Port \u003c1.76",
                      "product_id": "CSAFPID-51007",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58334"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.76",
                    "product": {
                      "name": "Com-Server Highspeed 19\" 4Port 1.76",
                      "product_id": "CSAFPID-52007"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server Highspeed 19\" 4Port"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.76",
                    "product": {
                      "name": "Com-Server Highspeed Compact \u003c1.76",
                      "product_id": "CSAFPID-51008",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58231"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.76",
                    "product": {
                      "name": "Com-Server Highspeed Compact 1.76",
                      "product_id": "CSAFPID-52008"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server Highspeed Compact"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.76",
                    "product": {
                      "name": "Com-Server Highspeed Industry \u003c1.76",
                      "product_id": "CSAFPID-51009",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58631"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "1.76",
                    "product": {
                      "name": "Com-Server Highspeed Industry 1.76",
                      "product_id": "CSAFPID-52009"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server Highspeed Industry"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.76",
                    "product": {
                      "name": "Com-Server Highspeed Isolated \u003c1.76",
                      "product_id": "CSAFPID-51010",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58633"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "1.76",
                    "product": {
                      "name": "Com-Server Highspeed Isolated 1.76",
                      "product_id": "CSAFPID-52010"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server Highspeed Isolated"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.76",
                    "product": {
                      "name": "Com-Server Highspeed OEM \u003c1.76",
                      "product_id": "CSAFPID-51011",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58431"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "1.76",
                    "product": {
                      "name": "Com-Server Highspeed OEM 1.76",
                      "product_id": "CSAFPID-52011"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server Highspeed OEM"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.76",
                    "product": {
                      "name": "Com-Server Highspeed Office 1 Port \u003c1.76",
                      "product_id": "CSAFPID-51012",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58031"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.76",
                    "product": {
                      "name": "Com-Server Highspeed Office 1 Port 1.76",
                      "product_id": "CSAFPID-52012"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server Highspeed Office 1 Port"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.76",
                    "product": {
                      "name": "Com-Server Highspeed Office 4 Port \u003c1.76",
                      "product_id": "CSAFPID-51013",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58034"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.76",
                    "product": {
                      "name": "Com-Server Highspeed Office 4 Port 1.76",
                      "product_id": "CSAFPID-52013"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server Highspeed Office 4 Port"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.76",
                    "product": {
                      "name": "Com-Server Highspeed PoE \u003c1.76",
                      "product_id": "CSAFPID-51014",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58641"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.76",
                    "product": {
                      "name": "Com-Server Highspeed PoE 1.76",
                      "product_id": "CSAFPID-52014"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server Highspeed PoE"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.48",
                    "product": {
                      "name": "Com-Server LC \u003c1.48",
                      "product_id": "CSAFPID-51015",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58661"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.48",
                    "product": {
                      "name": "Com-Server LC 1.48",
                      "product_id": "CSAFPID-52015"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server LC"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.48",
                    "product": {
                      "name": "Com-Server PoE 3 x Isolated \u003c1.48",
                      "product_id": "CSAFPID-51016",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58662"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.48",
                    "product": {
                      "name": "Com-Server PoE 3 x Isolated 1.48",
                      "product_id": "CSAFPID-52016"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server PoE 3 x Isolated"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c1.48",
                    "product": {
                      "name": "Com-Server UL \u003c1.48",
                      "product_id": "CSAFPID-51017",
                      "product_identification_helper": {
                        "model_numbers": [
                          "58669"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.48",
                    "product": {
                      "name": "Com-Server UL 1.48",
                      "product_id": "CSAFPID-52017"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com-Server UL"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Wiesemann \u0026 Theis"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003",
          "CSAFPID-51004",
          "CSAFPID-51005",
          "CSAFPID-51006",
          "CSAFPID-51007",
          "CSAFPID-51008",
          "CSAFPID-51009",
          "CSAFPID-51010",
          "CSAFPID-51011",
          "CSAFPID-51012",
          "CSAFPID-51013",
          "CSAFPID-51014",
          "CSAFPID-51015",
          "CSAFPID-51016",
          "CSAFPID-51017"
        ],
        "summary": "Affected Products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-52001",
          "CSAFPID-52002",
          "CSAFPID-52003",
          "CSAFPID-52004",
          "CSAFPID-52005",
          "CSAFPID-52006",
          "CSAFPID-52007",
          "CSAFPID-52008",
          "CSAFPID-52009",
          "CSAFPID-52010",
          "CSAFPID-52011",
          "CSAFPID-52012",
          "CSAFPID-52013",
          "CSAFPID-52014",
          "CSAFPID-52015",
          "CSAFPID-52016",
          "CSAFPID-52017"
        ],
        "summary": "Fixed Products"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-42785",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "description",
          "text": "Multiple W\u0026T products of the ComServer Series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET request.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001",
          "CSAFPID-52002",
          "CSAFPID-52003",
          "CSAFPID-52004",
          "CSAFPID-52005",
          "CSAFPID-52006",
          "CSAFPID-52007",
          "CSAFPID-52008",
          "CSAFPID-52009",
          "CSAFPID-52010",
          "CSAFPID-52011",
          "CSAFPID-52012",
          "CSAFPID-52013",
          "CSAFPID-52014",
          "CSAFPID-52015",
          "CSAFPID-52016",
          "CSAFPID-52017"
        ],
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003",
          "CSAFPID-51004",
          "CSAFPID-51005",
          "CSAFPID-51006",
          "CSAFPID-51007",
          "CSAFPID-51008",
          "CSAFPID-51009",
          "CSAFPID-51010",
          "CSAFPID-51011",
          "CSAFPID-51012",
          "CSAFPID-51013",
          "CSAFPID-51014",
          "CSAFPID-51015",
          "CSAFPID-51016",
          "CSAFPID-51017"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "- Update Com-Server Family to version 1.48 or higher.\n\n- Update the Com-Server Highspeed Family to version 1.76 or higher.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002",
            "CSAFPID-51003",
            "CSAFPID-51004",
            "CSAFPID-51005",
            "CSAFPID-51006",
            "CSAFPID-51007",
            "CSAFPID-51008",
            "CSAFPID-51009",
            "CSAFPID-51010",
            "CSAFPID-51011",
            "CSAFPID-51012",
            "CSAFPID-51013",
            "CSAFPID-51014",
            "CSAFPID-51015",
            "CSAFPID-51016",
            "CSAFPID-51017"
          ]
        }
      ],
      "title": "CVE-2022-42785"
    },
    {
      "cve": "CVE-2022-42787",
      "cwe": {
        "id": "CWE-334",
        "name": "Small Space of Random Values"
      },
      "notes": [
        {
          "category": "description",
          "text": "Multiple W\u0026T products of the Comserver Series use a small number space for allocating session IDs. After a user logs in, an unauthenticated remote attacker can brute force the user's session ID and get access to that user's account on the device.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001",
          "CSAFPID-52002",
          "CSAFPID-52003",
          "CSAFPID-52004",
          "CSAFPID-52005",
          "CSAFPID-52006",
          "CSAFPID-52007",
          "CSAFPID-52008",
          "CSAFPID-52009",
          "CSAFPID-52010",
          "CSAFPID-52011",
          "CSAFPID-52012",
          "CSAFPID-52013",
          "CSAFPID-52014",
          "CSAFPID-52015",
          "CSAFPID-52016",
          "CSAFPID-52017"
        ],
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003",
          "CSAFPID-51004",
          "CSAFPID-51005",
          "CSAFPID-51006",
          "CSAFPID-51007",
          "CSAFPID-51008",
          "CSAFPID-51009",
          "CSAFPID-51010",
          "CSAFPID-51011",
          "CSAFPID-51012",
          "CSAFPID-51013",
          "CSAFPID-51014",
          "CSAFPID-51015",
          "CSAFPID-51016",
          "CSAFPID-51017"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "- Update Com-Server Family to version 1.48 or higher.\n\n- Update the Com-Server Highspeed Family to version 1.76 or higher.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002",
            "CSAFPID-51003",
            "CSAFPID-51004",
            "CSAFPID-51005",
            "CSAFPID-51006",
            "CSAFPID-51007",
            "CSAFPID-51008",
            "CSAFPID-51009",
            "CSAFPID-51010",
            "CSAFPID-51011",
            "CSAFPID-51012",
            "CSAFPID-51013",
            "CSAFPID-51014",
            "CSAFPID-51015",
            "CSAFPID-51016",
            "CSAFPID-51017"
          ]
        }
      ],
      "title": "CVE-2022-42787"
    },
    {
      "cve": "CVE-2022-42786",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "Multiple W\u0026T products of the ComServer Series are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001",
          "CSAFPID-52002",
          "CSAFPID-52003",
          "CSAFPID-52004",
          "CSAFPID-52005",
          "CSAFPID-52006",
          "CSAFPID-52007",
          "CSAFPID-52008",
          "CSAFPID-52009",
          "CSAFPID-52010",
          "CSAFPID-52011",
          "CSAFPID-52012",
          "CSAFPID-52013",
          "CSAFPID-52014",
          "CSAFPID-52015",
          "CSAFPID-52016",
          "CSAFPID-52017"
        ],
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003",
          "CSAFPID-51004",
          "CSAFPID-51005",
          "CSAFPID-51006",
          "CSAFPID-51007",
          "CSAFPID-51008",
          "CSAFPID-51009",
          "CSAFPID-51010",
          "CSAFPID-51011",
          "CSAFPID-51012",
          "CSAFPID-51013",
          "CSAFPID-51014",
          "CSAFPID-51015",
          "CSAFPID-51016",
          "CSAFPID-51017"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "- Update Com-Server Family to version 1.48 or higher.\n\n- Update the Com-Server Highspeed Family to version 1.76 or higher.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 5.4,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 5.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002",
            "CSAFPID-51003",
            "CSAFPID-51004",
            "CSAFPID-51005",
            "CSAFPID-51006",
            "CSAFPID-51007",
            "CSAFPID-51008",
            "CSAFPID-51009",
            "CSAFPID-51010",
            "CSAFPID-51011",
            "CSAFPID-51012",
            "CSAFPID-51013",
            "CSAFPID-51014",
            "CSAFPID-51015",
            "CSAFPID-51016",
            "CSAFPID-51017"
          ]
        }
      ],
      "title": "CVE-2022-42786"
    }
  ]
}

